GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-14 18:56:19
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT sptd.sys ZwCreateKey [0xF8446AC8]
SSDT sptd.sys ZwEnumerateKey [0xF8446C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF8446F9A]
SSDT sptd.sys ZwOpenKey [0xF844698E]
SSDT sptd.sys ZwQueryKey [0xF8447064]
SSDT sptd.sys ZwQueryValueKey [0xF8446EFC]
SSDT sptd.sys ZwSetValueKey [0xF84470EC]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD9869.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F7AF84F0 16 Bytes [ 6B, F5, 87, 6F, 4D, 9F, DA, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F7AF8501 31 Bytes [ 70, AF, F7, BB, 67, 4A, 1C, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[164] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F844F89E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465D86] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F844FE24] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F844FD28] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F844FEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F844FEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F844FE24] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F844FD28] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84651AE] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F844FA5A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F846504A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844F8F2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8442AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8442C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8442B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F844376C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8443642] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465E4A] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F84548C6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F846504A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8465056] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8465E4A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F844FCC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F844FCC6] sptd.sys
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01AA7376] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2348] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01AA73CC] C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 82397A40
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
Device \Driver\NetBT \Device\NetBT_Tcpip_{46876A5D-454B-410C-BFFC-2AB21CC5D36D} 81F450E8
Device \Driver\00000062 \Device\00000043 sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{40B24E24-FBB4-4CDF-AAD1-E341856549D6} 81F450E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823970E8
Device \Driver\dmio \Device\DmControl\DmConfig 823970E8
Device \Driver\dmio \Device\DmControl\DmPnP 823970E8
Device \Driver\dmio \Device\DmControl\DmInfo 823970E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 823E03A0
Device \Driver\Ftdisk \Device\HarddiskVolume2 823E03A0
Device \Driver\Cdrom \Device\CdRom0 820820E8
Device \FileSystem\Rdbss \Device\FsWrap 81EC90E8
Device \Driver\Cdrom \Device\CdRom1 820820E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 820820E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81F450E8
Device \Driver\NetBT \Device\NetbiosSmb 81F450E8
Device \Driver\Disk \Device\Harddisk0\DR0 82397C78
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81EDA0E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81EDA0E8
Device \FileSystem\Npfs \Device\NamedPipe 81F620E8
Device \Driver\Ftdisk \Device\FtControl 823E03A0
Device \FileSystem\Msfs \Device\Mailslot 8215FA50
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 81EBD0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 81EBD0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1 81EBD0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 81F6C0E8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1457031614
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1495843787
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1215622671
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0xFA 0x5D 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xD9 0x9B 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0xE5 0x3D 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x56 0x18 0x4F 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0xFA 0x5D 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xD9 0x9B 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0xE5 0x3D 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x56 0x18 0x4F 0x07 ...
---- Files - GMER 1.0.14 ----
File C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\v4sivjuu.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\cache\alexa_5bd64ff29cb33eae75f60604d0353199.xml 0 bytes
---- EOF - GMER 1.0.14 ----
Sorry that this GMER log is so big.