GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-10 17:24:34 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD160JJ rev.ZM100-47 Running: kdcdzzf6.exe; Driver: C:\DOCUME~1\KRZYSI~1\USTAWI~1\Temp\kxloqpow.sys ---- System - GMER 1.0.15 ---- SSDT BA7F7204 ZwClose SSDT BA7F71BE ZwCreateKey SSDT BA7F720E ZwCreateSection SSDT BA7F71B4 ZwCreateThread SSDT BA7F71C3 ZwDeleteKey SSDT BA7F71CD ZwDeleteValueKey SSDT BA7F71FF ZwDuplicateObject SSDT BA7F71D2 ZwLoadKey SSDT BA7F71A0 ZwOpenProcess SSDT BA7F71A5 ZwOpenThread SSDT BA7F7227 ZwQueryValueKey SSDT BA7F71DC ZwReplaceKey SSDT BA7F7218 ZwRequestWaitReplyPort SSDT BA7F71D7 ZwRestoreKey SSDT BA7F7213 ZwSetContextThread SSDT BA7F721D ZwSetSecurityObject SSDT BA7F71C8 ZwSetValueKey SSDT BA7F7222 ZwSystemDebugControl SSDT BA7F71AF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- ? Combo-Fix.sys Nie można odnaleźć określonego pliku. ! .text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F82360, 0x24526E, 0xE8000020] ? C:\ComboFix\catchme.sys System nie może odnaleźć określonej ścieżki. ! ? C:\WINNT\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\explorer.exe [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F20] C:\WINNT\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2C90] C:\WINNT\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2CF0] C:\WINNT\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CC0] C:\WINNT\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\explorer.exe[3192] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF3 0xC3 0x0B 0x6D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF3 0xC3 0x0B 0x6D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF3 0xC3 0x0B 0x6D ... ---- EOF - GMER 1.0.15 ----