GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-28 18:10:32
Windows 5.1.2600 Service Pack 3
Running: 07pbyp52.exe; Driver: C:\DOCUME~1\generico\IMPOST~1\Temp\uwddrpod.sys
---- System - GMER 1.0.15 ----
INT 0x62 ? 82371BF8
INT 0x73 ? 82199BF8
INT 0x73 ? 82199BF8
INT 0x73 ? 82199BF8
INT 0x73 ? 82199BF8
INT 0x73 ? 82199BF8
INT 0x82 ? 82371BF8
Code 82199F58 ZwEnumerateKey
Code 821ACD80 ZwFlushInstructionCache
Code 82199F8E IofCallDriver
Code 821A925E IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82199F93
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 821A9263
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E42A 5 Bytes JMP 821ACD84
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 82199F5C
? mhdi.sys Impossibile trovare il file specificato. !
? spbg.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload F75D48AC 5 Bytes JMP 821991D8
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Impossibile trovare il file specificato. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823E02D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F844893C] spbg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8448990] spbg.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821992D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8428D92] spbg.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 823DC1F8
Device \FileSystem\Fastfat \FatCdrom 820304C0
Device \FileSystem\Fastfat \FatCdrom 81FEA030
Device \Driver\NetBT \Device\NetBT_Tcpip_{907413D1-9423-4772-A0EA-94505463F98C} 81BEC1F8
Device \Driver\usbuhci \Device\USBPDO-0 82173500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823DE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 823DE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 823DE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 823DE1F8
Device \Driver\usbuhci \Device\USBPDO-1 82173500
Device \Driver\usbuhci \Device\USBPDO-2 82173500
Device \Driver\PCI_PNP0566 \Device\00000046 spbg.sys
Device \Driver\usbehci \Device\USBPDO-3 821711F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 823721F8
Device \FileSystem\Rdbss \Device\FsWrap 81CC4240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 81F763F8
Device \Driver\atapi \Device\Ide\IdePort0 81F763F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 81F763F8
Device \Driver\atapi \Device\Ide\IdePort1 81F763F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 81F763F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{740757DC-2358-439A-AFDC-0775E191E8B5} 81BEC1F8
Device \Driver\sptd \Device\113194316 spbg.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 81BEC1F8
Device \Driver\NetBT \Device\NetbiosSmb 81BEC1F8
Device \FileSystem\Srv \Device\LanmanServer 820D5610
Device \Driver\usbuhci \Device\USBFDO-0 82173500
Device \Driver\usbuhci \Device\USBFDO-1 82173500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81BC71F8
Device \Driver\usbuhci \Device\USBFDO-2 82173500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81BC71F8
Device \Driver\usbehci \Device\USBFDO-3 821711F8
Device \FileSystem\Npfs \Device\NamedPipe 820C3158
Device \Driver\Ftdisk \Device\FtControl 823721F8
Device \FileSystem\Msfs \Device\Mailslot 81FDD0D8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 81E6DC90
Device \Driver\akljadyk \Device\Scsi\akljadyk1 820871F8
Device \Driver\d347prt \Device\Scsi\d347prt1 81E6DC90
Device \FileSystem\Fastfat \Fat 820304C0
Device \FileSystem\Fastfat \Fat 81FEA030
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 81FF9A38
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 81FF9A38
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 81FF9A38
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 81FF9A38
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 81FF9A38
Device \FileSystem\Cdfs \Cdfs 81C3B500
Device \FileSystem\Cdfs \Cdfs 821366B0
---- Modules - GMER 1.0.15 ----
Module _________ F833D000-F8355000 (98304 bytes)
Module \systemroot\system32\drivers\H8SRTodulqgopet.sys (*** hidden *** ) BA334000-BA350000 (114688 bytes)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTodulqgopet.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTodulqgopet.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTodulqgopet.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTiqoqbogthw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTupwhklqybt.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTsnklticaim.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x6D 0xEA 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTodulqgopet.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTodulqgopet.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTiqoqbogthw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTupwhklqybt.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTsnklticaim.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x76 0x6D 0xEA 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x60 0x1F 0xBB ...
---- EOF - GMER 1.0.15 ----