GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-23 16:36:41 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD10EARS-00MVWB0 rev.51.0AB51 Running: hpj5qmcm.exe; Driver: C:\DOCUME~1\ewa\USTAWI~1\Temp\kgnyipob.sys ---- System - GMER 1.0.15 ---- SSDT B87948BC ZwClose SSDT B8794876 ZwCreateKey SSDT B87948C6 ZwCreateSection SSDT B879486C ZwCreateThread SSDT B879487B ZwDeleteKey SSDT B8794885 ZwDeleteValueKey SSDT B87948B7 ZwDuplicateObject SSDT B879488A ZwLoadKey SSDT B8794858 ZwOpenProcess SSDT B879485D ZwOpenThread SSDT B87948DF ZwQueryValueKey SSDT B8794894 ZwReplaceKey SSDT B87948D0 ZwRequestWaitReplyPort SSDT B879488F ZwRestoreKey SSDT B87948CB ZwSetContextThread SSDT B87948D5 ZwSetSecurityObject SSDT B8794880 ZwSetValueKey SSDT B87948DA ZwSystemDebugControl SSDT B8794867 ZwTerminateProcess INT 0x63 ? 89E0FCC8 INT 0x63 ? 89E0FCC8 INT 0x63 ? 89E0FCC8 INT 0x63 ? 89E0FCC8 INT 0x63 ? 88EE0CC8 INT 0x83 ? 89E13CC8 INT 0x83 ? 88EE0CC8 INT 0x83 ? 89E13CC8 INT 0x84 ? 88EE0CC8 INT 0xA4 ? 88EE0CC8 INT 0xA4 ? 88EE0CC8 INT 0xA4 ? 88EE0CC8 INT 0xA4 ? 88EE0CC8 INT 0xB4 ? 88EE0CC8 ---- Kernel code sections - GMER 1.0.15 ---- ? sptd.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB64323C0, 0x95B7EA, 0xE8000020] .text USBPORT.SYS!DllUnload B64128AC 5 Bytes JMP 88EE01D8 .text C:\WINDOWS\system32\DRIVERS\athsgt.sys section is writeable [0xB248C300, 0x21F20, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0126C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2740] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0149E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2740] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0149E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2740] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0149E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4024] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E93232] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E92730] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E92F12] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E92730] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E92914] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E92856] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E930F0] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E92F12] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EA6F1E] sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 89E531F8 Device \FileSystem\Fastfat \FatCdrom 88D8B430 Device \Driver\usbuhci \Device\USBPDO-0 88F93430 Device \Driver\usbuhci \Device\USBPDO-1 88F93430 Device \Driver\usbuhci \Device\USBPDO-2 88F93430 Device \Driver\usbehci \Device\USBPDO-3 88F841F8 Device \Driver\usbuhci \Device\USBPDO-4 88F93430 Device \Driver\usbuhci \Device\USBPDO-5 88F93430 Device \Driver\usbuhci \Device\USBPDO-6 88F93430 Device \Driver\usbehci \Device\USBPDO-7 88F841F8 Device \Driver\Cdrom \Device\CdRom0 88F341F8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\usbstor \Device\00000080 88C4E430 Device \Driver\NetBT \Device\NetBt_Wins_Export 88C47430 Device \Driver\NetBT \Device\NetbiosSmb 88C47430 Device \Driver\NetBT \Device\NetBT_Tcpip_{45D9816E-EDCA-4940-826D-AD4E7E7484AF} 88C47430 Device \Driver\usbuhci \Device\USBFDO-0 88F93430 Device \Driver\usbuhci \Device\USBFDO-1 88F93430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FB5430 Device \Driver\usbuhci \Device\USBFDO-2 88F93430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FB5430 Device \Driver\usbstor \Device\0000007c 88C4E430 Device \Driver\usbehci \Device\USBFDO-3 88F841F8 Device \Driver\usbstor \Device\0000007d 88C4E430 Device \Driver\usbuhci \Device\USBFDO-4 88F93430 Device \Driver\usbstor \Device\0000007e 88C4E430 Device \Driver\usbuhci \Device\USBFDO-5 88F93430 Device \Driver\usbstor \Device\0000007f 88C4E430 Device \Driver\usbuhci \Device\USBFDO-6 88F93430 Device \Driver\usbehci \Device\USBFDO-7 88F841F8 Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 89E541F8 Device \Driver\mv61xx \Device\Scsi\mv61xx1 89E541F8 Device \FileSystem\Fastfat \Fat 88D8B430 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 88D42430 ---- EOF - GMER 1.0.15 ----