GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit scan 2010-07-04 16:07:14
Windows 5.1.2600 Service Pack 3
Running: pjp6g3re.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\pgtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT F8B8C286 ZwCreateKey
SSDT F8B8C27C ZwCreateThread
SSDT F8B8C28B ZwDeleteKey
SSDT F8B8C295 ZwDeleteValueKey
SSDT SPTD.sys ZwEnumerateKey [0xF83D0FB2]
SSDT SPTD.sys ZwEnumerateValueKey [0xF83D1340]
SSDT F8B8C29A ZwLoadKey
SSDT SPTD.sys ZwOpenKey [0xF83CB0B0]
SSDT F8B8C268 ZwOpenProcess
SSDT F8B8C26D ZwOpenThread
SSDT SPTD.sys ZwQueryKey [0xF83D1418]
SSDT SPTD.sys ZwQueryValueKey [0xF83D1298]
SSDT F8B8C2A4 ZwReplaceKey
SSDT F8B8C29F ZwRestoreKey
SSDT F8B8C290 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\SPTD.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload F498A8AC 5 Bytes JMP 82D371C8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F83CBAD4] SPTD.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F83CBC1A] SPTD.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F83CBB9C] SPTD.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F83CC748] SPTD.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F83CC61E] SPTD.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83E129A] SPTD.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 82FD91E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E7505E47-8509-4140-BAAE-A8704B669F6C} 823FD1E8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 82D61790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F6C1E8
Device \Driver\dmio \Device\DmControl\DmConfig 82F6C1E8
Device \Driver\dmio \Device\DmControl\DmPnP 82F6C1E8
Device \Driver\dmio \Device\DmControl\DmInfo 82F6C1E8
Device \Driver\usbuhci \Device\USBPDO-1 82D61790
Device \Driver\usbehci \Device\USBPDO-2 82D32790
Device \Driver\usbuhci \Device\USBPDO-3 82D61790
Device \Driver\usbuhci \Device\USBPDO-4 82D61790
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDB1E8
Device \Driver\Cdrom \Device\CdRom0 82E281E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8300B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [F8300B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F8300B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [F8300B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F8300B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 823FD1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3BEA5F1D-F03A-4B54-AAEE-CA86F34A1CA6} 823FD1E8
Device \Driver\NetBT \Device\NetbiosSmb 823FD1E8
Device \Driver\usbuhci \Device\USBFDO-0 82D61790
Device \Driver\usbuhci \Device\USBFDO-1 82D61790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8229F1E8
Device \Driver\usbuhci \Device\USBFDO-2 82D61790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8229F1E8
Device \Driver\usbuhci \Device\USBFDO-3 82D61790
Device \Driver\usbehci \Device\USBFDO-4 82D32790
Device \Driver\Ftdisk \Device\FtControl 82FDB1E8
Device \FileSystem\Cdfs \Cdfs 8222D1E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd106a1b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd106a1b@0012ee713bb8 0x56 0xFC 0x5A 0xDE ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd106a1b@001247645f93 0x4B 0x6B 0xAE 0x22 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd106a1b@001262d463ae 0x34 0x6F 0x12 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0xB6 0x41 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd106a1b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd106a1b@0012ee713bb8 0x56 0xFC 0x5A 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd106a1b@0025474b248d 0x4D 0x54 0xE4 0x2E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd106a1b@001de9644c7e 0x54 0x82 0xB3 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0xB6 0x41 0xBC ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd106a1b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd106a1b@0012ee713bb8 0x56 0xFC 0x5A 0xDE ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd106a1b@0025474b248d 0x4D 0x54 0xE4 0x2E ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd106a1b@001de9644c7e 0x54 0x82 0xB3 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0xB6 0x41 0xBC ...
---- EOF - GMER 1.0.15 ----