GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 10:19:01
Windows 5.1.2600 Service Pack 2
Running: ip6u0glm.exe; Driver: C:\DOCUME~1\KATON\USTAWI~1\Temp\pxtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT spvx.sys ZwCreateKey [0xB9EA80E0]
SSDT spvx.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spvx.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spvx.sys ZwOpenKey [0xB9EA80C0]
SSDT spvx.sys ZwQueryKey [0xB9EC7108]
SSDT spvx.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spvx.sys ZwSetValueKey [0xB9EC719A]
INT 0x62 ? 89DE3BF8
INT 0x73 ? 89DE6BF8
INT 0x73 ? 89C09F00
INT 0x73 ? 89DE6BF8
INT 0x74 ? 89C09F00
INT 0x82 ? 89DE3BF8
INT 0x94 ? 89C09F00
INT 0xA4 ? 89C09F00
INT 0xB4 ? 89DE3BF8
INT 0xB4 ? 89DE3BF8
INT 0xB4 ? 89C09F00
INT 0xB4 ? 89C09F00
INT 0xB4 ? 89DE3BF8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spvx.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spvx.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spvx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spvx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spvx.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spvx.sys
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89E511F8
Device \Driver\sptd \Device\2077582238 spvx.sys
Device \Driver\usbuhci \Device\USBPDO-0 89C0E500
Device \Driver\PCI_PNP2238 \Device\00000044 spvx.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E531F8
Device \Driver\dmio \Device\DmControl\DmConfig 89E531F8
Device \Driver\dmio \Device\DmControl\DmPnP 89E531F8
Device \Driver\dmio \Device\DmControl\DmInfo 89E531F8
Device \Driver\usbuhci \Device\USBPDO-1 89C0E500
Device \Driver\usbuhci \Device\USBPDO-2 89C0E500
Device \Driver\usbehci \Device\USBPDO-3 89C06500
Device \Driver\usbuhci \Device\USBPDO-4 89C0E500
Device \Driver\usbuhci \Device\USBPDO-5 89C0E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{BC30A5D9-9797-4028-A337-BB98A69716F2} 88F1E1F8
Device \Driver\usbuhci \Device\USBPDO-6 89C0E500
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE41F8
Device \Driver\usbehci \Device\USBPDO-7 89C06500
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DE41F8
Device \Driver\Cdrom \Device\CdRom0 89C0D500
Device \Driver\Ftdisk \Device\HarddiskVolume3 89DE41F8
Device \Driver\Cdrom \Device\CdRom1 89C0D500
Device \Driver\atapi \Device\Ide\IdePort0 89DE31F8
Device \Driver\atapi \Device\Ide\IdePort1 89DE31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 89DE31F8
Device \Driver\atapi \Device\Ide\IdePort2 89DE31F8
Device \Driver\atapi \Device\Ide\IdePort3 89DE31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 89DE31F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89DE41F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89DE41F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 89DE41F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 89DE41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88F1E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume8 89DE41F8
Device \Driver\NetBT \Device\NetbiosSmb 88F1E1F8
Device \Driver\usbuhci \Device\USBFDO-0 89C0E500
Device \Driver\usbuhci \Device\USBFDO-1 89C0E500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88F151F8
Device \Driver\usbuhci \Device\USBFDO-2 89C0E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88F151F8
Device \Driver\usbehci \Device\USBFDO-3 89C06500
Device \Driver\usbuhci \Device\USBFDO-4 89C0E500
Device \Driver\Ftdisk \Device\FtControl 89DE41F8
Device \Driver\usbuhci \Device\USBFDO-5 89C0E500
Device \Driver\usbuhci \Device\USBFDO-6 89C0E500
Device \Driver\usbehci \Device\USBFDO-7 89C06500
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 89E521F8
Device \Driver\ag7txmny \Device\Scsi\ag7txmny1Port5Path0Target0Lun0 89B671F8
Device \Driver\ag7txmny \Device\Scsi\ag7txmny1 89B671F8
Device \Driver\JRAID \Device\Scsi\JRAID1 89E521F8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0 89E521F8
Device \FileSystem\Cdfs \Cdfs 88EBA500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x3F 0x3C 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0x6B 0x98 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x65 0x2E 0x50 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0x3F 0x3C 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x96 0x6B 0x98 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x65 0x2E 0x50 0x97 ...
---- EOF - GMER 1.0.15 ----
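Two things a reader should check in the log above before treating the hooks as hostile. First, the Registry section's `p0` value under the `sptd` service names the DAEMON Tools Lite install directory, and the `\Driver\sptd` device entry is attributed to `spvx.sys`: the SSDT registry-function hooks and the port-I/O IAT hooks in atapi.sys and i8042prt.sys attributed to `spvx.sys` are the pattern the SPTD driver shipped with DAEMON Tools is known to produce, so they are expected on a machine where that install is legitimate. Second, the `ag7txmny.SYS` IAT slots carry values GMER could not attribute to any module, and every one of them lies below `0x80000000`, where no kernel code can live on a default 32-bit XP split (no `/3GB` switch). The parser below is an added example, not GMER's own code and not part of the original log: it reads GMER 1.0.15 lines, groups SSDT, IAT and Device findings by the module GMER attributes them to, separates unresolved IAT slots that are outside kernel space, and pulls filesystem paths out of the Registry section. The record layout is inferred from the log format above; `KERNEL_BASE` is an assumption stated in the code, and `SAMPLE` is a handful of lines copied from this log.

```python
import re
from collections import defaultdict

# Assumption: default 32-bit XP user/kernel split (no /3GB switch), so kernel
# code is at or above 0x80000000. An IAT slot "resolved" below that cannot be a
# kernel function pointer, which is why GMER prints no module name for it.
KERNEL_BASE = 0x80000000

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s+\[0x([0-9A-Fa-f]+)\]$")
INT_RE = re.compile(r"^INT\s+0x([0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]+)$")
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^\]]+)\]\s+(.+)$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)$")
REG_RE = re.compile(r"^Reg\s+(\S+)(?:\s+(.*))?$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """One dict per finding line; tool header and section banners are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            records.append({"kind": "SSDT", "module": m.group(1),
                            "function": m.group(2), "addr": int(m.group(3), 16)})
        elif m := INT_RE.match(line):
            records.append({"kind": "INT", "vector": int(m.group(1), 16),
                            "addr": int(m.group(2), 16)})
        elif m := IAT_RE.match(line):
            target, imp, rest = m.groups()
            lib, _, func = imp.partition("!")
            rec = {"kind": "IAT", "target": target, "lib": lib, "function": func}
            if rest.startswith("["):          # "[addr] module": slot attributed to a module
                addr, module = rest[1:].split("]", 1)
                rec["addr"], rec["module"] = int(addr, 16), module.strip()
            else:                             # bare value: GMER could not attribute it
                rec["addr"], rec["module"] = int(rest, 16), None
            records.append(rec)
        elif m := DEVICE_RE.match(line):
            driver, device, owner = m.groups()
            is_addr = bool(HEX_RE.match(owner))
            records.append({"kind": "Device", "driver": driver, "device": device,
                            "addr": int(owner, 16) if is_addr else None,
                            "module": None if is_addr else owner})
        elif m := REG_RE.match(line):
            key, _, value = m.group(1).partition("@")   # GMER writes key@valuename
            records.append({"kind": "Reg", "key": key, "value": value or None,
                            "data": m.group(2)})
    return records


def summarize(records):
    """Group hooks by attributed module; split unresolved IAT slots by address range."""
    out = {"ssdt": defaultdict(list), "iat": defaultdict(list), "iat_unresolved": [],
           "iat_nonkernel": [], "device": defaultdict(list), "reg_paths": []}
    for r in records:
        if r["kind"] == "SSDT":
            out["ssdt"][r["module"]].append(r["function"])
        elif r["kind"] == "IAT":
            if r["module"]:
                out["iat"][r["module"]].append((r["target"], r["function"]))
            else:
                bucket = "iat_unresolved" if r["addr"] >= KERNEL_BASE else "iat_nonkernel"
                out[bucket].append((r["target"], r["function"], r["addr"]))
        elif r["kind"] == "Device" and r["module"]:
            out["device"][r["module"]].append(r["device"])
        elif r["kind"] == "Reg" and r["data"] and ":\\" in r["data"]:
            out["reg_paths"].append((r["key"], r["data"]))   # on-disk paths named in config
    return out


# Constructed sample: lines copied from the GMER log above.
SAMPLE = r"""
GMER 1.0.15.15087 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT spvx.sys ZwCreateKey [0xB9EA80E0]
SSDT spvx.sys ZwOpenKey [0xB9EA80C0]
INT 0x62 ? 89DE3BF8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spvx.sys
IAT \SystemRoot\System32\Drivers\ag7txmny.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89E511F8
Device \Driver\sptd \Device\2077582238 spvx.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for section, body in summarize(parse_gmer(SAMPLE)).items():
        print(section, dict(body) if isinstance(body, dict) else body)
```

Run it against a full log (read the file instead of `SAMPLE`): a module that owns SSDT entries, IAT slots in unrelated drivers and a device object is a single hooking driver, which is the question to settle before anything else; anything in `iat_nonkernel` is an import slot whose value cannot be a kernel function pointer and deserves a look at the driver file on disk.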