log.txt

Jak usun±ć System security protect your pc?

Prosze o sprawdzenie logów:

GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-10 09:35:46
Windows 5.1.2600 Dodatek Service Pack. 1


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF75A10D0] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateKey [0xF75A6E2C] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateValueKey [0xF75A71BA] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwOpenKey [0xF75A10B0] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey [0xF75A7292] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwQueryValueKey [0xF75A7112] & lt; -- ROOTKIT !!!
SSDT sptd.sys ZwSetValueKey [0xF75A7324] & lt; -- ROOTKIT !!!

Code 963a5fe4a87afae59e172fd886aad950.sys (ckmd/Noves Inc) ZwQueryDirectoryFile [0xF76CC999]
Code 963a5fe4a87afae59e172fd886aad950.sys (ckmd/Noves Inc) IoCreateFile
Code 963a5fe4a87afae59e172fd886aad950.sys (ckmd/Noves Inc) NtQueryDirectoryFile
Code ojurssiu.sys ObOpenObjectByName

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [D0, 10, 5A, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 805026A4 4 Bytes [2C, 6E, 5A, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 805026AC 4 Bytes [BA, 71, 5A, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8 80502764 4 Bytes [B0, 10, 5A, F7]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 38C 80502808 4 Bytes [92, 72, 5A, F7]
.text ...
PAGE ntoskrnl.exe!ObOpenObjectByName 805819E1 6 Bytes JMP F792A7A6 ojurssiu.sys
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie mo?e uzyskaae dost?pu do pliku, poniewa? jest on u?ywany przez inny proces.
.text USBPORT.SYS!DllUnload F6A86F88 5 Bytes JMP 828E5710
? C:\DOCUME~1\Ala\USTAWI~1\Temp\catchme.sys Nie mo?na odnaleźae określonego pliku. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F75B7886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75B7832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75D9892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75B7886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75A1AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75A1C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75A1B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75A2748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75A261E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75B6ACA] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82B591E8
Device \FileSystem\Fastfat \FatCdrom 829377A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{C319AC0F-014C-4CFE-B229-0FB8A3BE976A} 827AD1E8
Device \Driver\usbuhci \Device\USBPDO-0 828E41E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82BDF1E8
Device \Driver\dmio \Device\DmControl\DmConfig 82BDF1E8
Device \Driver\dmio \Device\DmControl\DmPnP 82BDF1E8
Device \Driver\dmio \Device\DmControl\DmInfo 82BDF1E8
Device \Driver\usbuhci \Device\USBPDO-1 828E41E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 82B5B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82B5B1E8
Device \Driver\Cdrom \Device\CdRom0 828FC1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 82B5B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 82B5B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 82B5B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 82B5B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 82B5B1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 827AD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume8 82B5B1E8
Device \Driver\NetBT \Device\NetbiosSmb 827AD1E8
Device \Driver\usbuhci \Device\USBFDO-0 828E41E8
Device \Driver\usbuhci \Device\USBFDO-1 828E41E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8278B1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8278B1E8
Device \Driver\Ftdisk \Device\FtControl 82B5B1E8
Device \FileSystem\Fastfat \Fat 829377A0
Device \FileSystem\Cdfs \Cdfs 8276D7A0

---- Threads - GMER 1.0.15 ----

Thread 4:1956 F16ACA52

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\963a5fe4a87afae59e172fd886aad950.sys (*** hidden *** ) [BOOT] 963a5fe4a87afae59e172fd886aad950 & lt; -- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@c & registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\963a5fe4a87afae59e172fd886aad950 & download_period=846000 & first_download_delay=180 & version=2 & ip_0=586742989 & port_0=7000 & max_fails_0=5 & ip_1=704183501 & port_1=8300 & max_fails_1=5 & ip_2=2241985741 & port_2=9002 & max_fails_2=2 & ip_3=1512966353 & port_3=11234 & max_fails_3=2 & ips_count=4 & name=963a5fe4a87afae59e172fd886aad950 & path=System32\963a5fe4a87afae59e172fd886aad950.sys & wmid=Dkx003 & idate=2009-03-08 17:00:34:037 & last_download_time=2009-3-8 17:3:34.696 & first_skip=1
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@ImagePath System32\963a5fe4a87afae59e172fd886aad950.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@DisplayName 963a5fe4a87afae59e172fd886aad950
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950@Group System Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\963a5fe4a87afae59e172fd886aad950\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0x3E 0x9E 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3C 0x0C 0xFA 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x7E 0x0C 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0x51 0xF4 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@c & registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\963a5fe4a87afae59e172fd886aad950 & download_period=846000 & first_download_delay=180 & version=2 & ip_0=586742989 & port_0=7000 & max_fails_0=5 & ip_1=704183501 & port_1=8300 & max_fails_1=5 & ip_2=2241985741 & port_2=9002 & max_fails_2=2 & ip_3=1512966353 & port_3=11234 & max_fails_3=2 & ips_count=4 & name=963a5fe4a87afae59e172fd886aad950 & path=System32\963a5fe4a87afae59e172fd886aad950.sys & wmid=Dkx003 & idate=2009-03-08 17:00:34:037 & last_download_time=2009-3-8 17:3:34.696 & first_skip=1
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@Tag 7
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@ImagePath System32\963a5fe4a87afae59e172fd886aad950.sys
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@DisplayName 963a5fe4a87afae59e172fd886aad950
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950@Group System Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950\Security
Reg HKLM\SYSTEM\ControlSet002\Services\963a5fe4a87afae59e172fd886aad950\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0x3E 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3C 0x0C 0xFA 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0x7E 0x0C 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x31 0x51 0xF4 0x92 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\_963a5fe4a87afae59e172fd886aad950.sys_.vir 39936 bytes executable
File C:\WINDOWS\system32\963a5fe4a87afae59e172fd886aad950.sys 39936 bytes executable & lt; -- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----