GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-03 15:57:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC34
Running: ex5pplp0.exe; Driver: C:\Users\Arturek\AppData\Local\Temp\kxriqfog.sys

---- System - GMER 1.0.15 ----

INT 0x62 ? 85EEEF00
INT 0x62 ? 85EEEF00
INT 0x62 ? 85EEEF00
INT 0x62 ? 85EEEF00
INT 0x72 ? 85EEEF00
INT 0x82 ? 84D2BBF8
INT 0x82 ? 84D2BBF8
INT 0x82 ? 84D2BBF8
INT 0x82 ? 84D2BBF8
INT 0x82 ? 85EEEF00
INT 0x82 ? 84D2BBF8
INT 0xA2 ? 84D2ABF8
INT 0xB3 ? 85EEEF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spuq.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 8B54941B 5 Bytes JMP 85EEE4E0
.text aq2u7ijt.SYS 807CA000 22 Bytes [82, 73, 60, 82, 6C, 72, 60, ...]
.text aq2u7ijt.SYS 807CA017 137 Bytes [00, 32, A7, 79, 80, 3D, A5, ...]
.text aq2u7ijt.SYS 807CA0A1 43 Bytes [C0, 6D, 82, 74, B6, 67, 82, ...]
.text aq2u7ijt.SYS 807CA0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aq2u7ijt.SYS 807CA0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D2] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691040] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806917FC] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910BE] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113C] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A1048] \SystemRoot\System32\Drivers\spuq.sys
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aq2u7ijt.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7413A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74118395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7416CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7410C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1276] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85AEE1F8
Device \FileSystem\fastfat \FatCdrom 86AA61F8
Device \Driver\volmgr \Device\VolMgrControl 84D2D1F8
Device \Driver\usbuhci \Device\USBPDO-0 85ECB1F8
Device \Driver\usbuhci \Device\USBPDO-1 85ECB1F8
Device \Driver\usbuhci \Device\USBPDO-2 85ECB1F8
Device \Driver\PCI_PNP3794 \Device\00000046 spuq.sys
Device \Driver\usbehci \Device\USBPDO-3 85ECC1F8
Device \Driver\usbuhci \Device\USBPDO-4 85ECB1F8
Device \Driver\usbuhci \Device\USBPDO-5 85ECB1F8
Device \Driver\usbuhci \Device\USBPDO-6 85ECB1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84D2D1F8
Device \Driver\USBSTOR \Device\00000064 85F0A500
Device \Driver\usbehci \Device\USBPDO-7 85ECC1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84D2D1F8
Device \Driver\USBSTOR \Device\00000065 85F0A500
Device \Driver\cdrom \Device\CdRom0 85ECD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85AEC1F8
Device \Driver\atapi \Device\Ide\IdePort0 85AEC1F8
Device \Driver\atapi \Device\Ide\IdePort1 85AEC1F8
Device \Driver\atapi \Device\Ide\IdePort2 85AEC1F8
Device \Driver\atapi \Device\Ide\IdePort3 85AEC1F8
Device \Driver\USBSTOR \Device\00000066 85F0A500
Device \Driver\cdrom \Device\CdRom1 85ECD1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84D2D1F8
Device \Driver\USBSTOR \Device\00000067 85F0A500
Device \Driver\cdrom \Device\CdRom2 85ECD1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84D2D1F8
Device \Driver\USBSTOR \Device\00000068 85F0A500
Device \Driver\volmgr \Device\HarddiskVolume5 84D2D1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84D2D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8653A500
Device \Driver\netbt \Device\NetBT_Tcpip_{1C4E0C08-4AC5-4BD4-88B1-465653BB394C} 8653A500
Device \Driver\Smb \Device\NetbiosSmb 864F41F8
Device \Driver\sptd \Device\2517839805 spuq.sys
Device \Driver\iScsiPrt \Device\RaidPort0 85F731F8
Device \Driver\usbuhci \Device\USBFDO-0 85ECB1F8
Device \Driver\usbuhci \Device\USBFDO-1 85ECB1F8
Device \Driver\usbuhci \Device\USBFDO-2 85ECB1F8
Device \Driver\usbehci \Device\USBFDO-3 85ECC1F8
Device \Driver\usbuhci \Device\USBFDO-4 85ECB1F8
Device \Driver\usbuhci \Device\USBFDO-5 85ECB1F8
Device \Driver\usbuhci \Device\USBFDO-6 85ECB1F8
Device \Driver\usbehci \Device\USBFDO-7 85ECC1F8
Device \Driver\aq2u7ijt \Device\Scsi\aq2u7ijt1Port6Path0Target0Lun0 85F6F500
Device \Driver\aq2u7ijt \Device\Scsi\aq2u7ijt1 85F6F500
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 85AED1F8
Device \Driver\aq2u7ijt \Device\Scsi\aq2u7ijt1Port6Path0Target1Lun0 85F6F500
Device \Driver\mv61xx \Device\Scsi\mv61xx1 85AED1F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target0Lun0 85AED1F8
Device \FileSystem\fastfat \Fat 86AA61F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 86A841F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 32231037
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -773271210
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x42 0x3C 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x56 0x3F 0x6D 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x33 0x28 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x4F 0x1C 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x42 0x3C 0x98 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x56 0x3F 0x6D 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x33 0x28 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x99 0x4F 0x1C 0x0A ...

---- EOF - GMER 1.0.15 ----