GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-31 00:59:44 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port2Path0Target0Lun0 HDT72252 rev.V44O Running: GMER 1.0.15.15641.exe; Driver: C:\DOCUME~1\ADAM\USTAWI~1\Temp\pxtdapob.sys ---- System - GMER 1.0.15 ---- SSDT spir.sys ZwCreateKey [0xB7EA70E0] SSDT spir.sys ZwEnumerateKey [0xB7EC5DA4] SSDT spir.sys ZwEnumerateValueKey [0xB7EC6132] SSDT spir.sys ZwOpenKey [0xB7EA70C0] SSDT spir.sys ZwQueryKey [0xB7EC620A] SSDT spir.sys ZwQueryValueKey [0xB7EC608A] SSDT spir.sys ZwSetValueKey [0xB7EC629C] INT 0x62 ? 89FCFBF8 INT 0x63 ? 89D8CF00 INT 0x73 ? 89F66BF8 INT 0x82 ? 89FCFBF8 INT 0x83 ? 89F66BF8 INT 0xB4 ? 89D8CF00 ---- Kernel code sections - GMER 1.0.15 ---- ? spir.sys Nie można odnaleźć określonego pliku. ! .text USBPORT.SYS!DllUnload B627D62C 5 Bytes JMP 89D8C4E0 .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5305380, 0x8D6CD5, 0xE8000020] .text aaks2gq8.SYS B5280386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aaks2gq8.SYS B52803AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aaks2gq8.SYS B52803C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text aaks2gq8.SYS B52803C9 1 Byte [2E] .text aaks2gq8.SYS B52803C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spir.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spir.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spir.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spir.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spir.sys IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KfAcquireSpinLock] 001CA496 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!READ_PORT_UCHAR] C6168B00 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KeGetCurrentIrql] 001CC186 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KfRaiseIrql] 428A0A00 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KfLowerIrql] C286880C IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!HalGetInterruptVector] 8B00001C IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!HalTranslateBusAddress] 24A48DFA IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KeStallExecutionProcessor] 00000000 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!KfReleaseSpinLock] 4B8BDF8B IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D3F0304 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!READ_PORT_USHORT] CB033043 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 0673C13B IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[HAL.dll!WRITE_PORT_UCHAR] C13B0003 IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[WMILIB.SYS!WmiSystemControl] 75000E7B IAT \SystemRoot\System32\Drivers\aaks2gq8.SYS[WMILIB.SYS!WmiCompleteRequest] 0B7D80E3 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spir.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89F611F8 Device \Driver\usbohci \Device\USBPDO-0 89D8A500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 89F641F8 Device \Driver\dmio \Device\DmControl\DmConfig 89F641F8 Device \Driver\dmio \Device\DmControl\DmPnP 89F641F8 Device \Driver\dmio \Device\DmControl\DmInfo 89F641F8 Device \Driver\usbehci \Device\USBPDO-1 89D5E470 Device \Driver\PCI_PNP3108 \Device\00000048 spir.sys Device \Driver\sptd \Device\2474984358 spir.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 89FD11F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 89FD11F8 Device \Driver\Cdrom \Device\CdRom0 89D1F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 89FD11F8 Device \Driver\Cdrom \Device\CdRom1 89D1F1F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 89FD11F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 89FD11F8 Device \Driver\nvata \Device\00000069 89FCF1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89A41500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E46D474E-8AD6-4408-9CD4-6F94F033E990} 89A41500 Device \Driver\usbohci \Device\USBFDO-0 89D8A500 Device \Driver\nvata \Device\NvAta0 89FCF1F8 Device \Driver\usbehci \Device\USBFDO-1 89D5E470 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AF71F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AF71F8 Device \Driver\Ftdisk \Device\FtControl 89FD11F8 Device \Driver\aaks2gq8 \Device\Scsi\aaks2gq81Port3Path0Target0Lun0 89BDF358 Device \Driver\aaks2gq8 \Device\Scsi\aaks2gq81 89BDF358 Device \Driver\nvgts \Device\Scsi\nvgts2Port2Path0Target0Lun0 89F621F8 Device \Driver\nvgts \Device\Scsi\nvgts1 89F621F8 Device \Driver\nvgts \Device\Scsi\nvgts2 89F621F8 Device \Driver\nvgts \Device\Scsi\nvgts2Port2Path1Target1Lun0 89F621F8 Device \FileSystem\Cdfs \Cdfs 89B38500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x43 0x68 0x74 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x47 0xCC 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xBC 0x39 0x58 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0x40 0x82 0x89 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x47 0xCC 0xB1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xBC 0x39 0x58 ... ---- EOF - GMER 1.0.15 ----