GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-11 08:08:54
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB5A3688E]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB5A360EC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB5A35DCE]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB5A37938]
SSDT F7AB21BC ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB5A35ED8]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB5A35FC2]
SSDT spwo.sys ZwEnumerateKey [0xF74F7CA2]
SSDT spwo.sys ZwEnumerateValueKey [0xF74F8030]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB5A36BBC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB5A363F4]
SSDT spwo.sys ZwOpenKey [0xF74DA0C0]
SSDT F7AB21A8 ZwOpenProcess
SSDT F7AB21AD ZwOpenThread
SSDT spwo.sys ZwQueryKey [0xF74F8108]
SSDT spwo.sys ZwQueryValueKey [0xF74F7F88]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xB5A36526]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB5A35BFC]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB5A36B04]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB5A3670C]
SSDT F7AB21B2 ZwWriteVirtualMemory
INT 0x73 ? 8A5CDBF8
INT 0x82 ? 8A5CDBF8
INT 0x83 ? 8A5CDBF8
INT 0xB4 ? 8A2EBBF8
INT 0xB4 ? 8A2EBBF8
INT 0xB4 ? 8A2EBBF8
INT 0xB4 ? 8A2EBBF8
---- Kernel code sections - GMER 1.0.14 ----
? spwo.sys Impossibile trovare il file specificato. !
.text USBPORT.SYS!DllUnload BA2BE8AC 5 Bytes JMP 8A2EB1D8
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DB040] spwo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DB13C] spwo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DB0BE] spwo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DB7FC] spwo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DB6D2] spwo.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74EAD92] spwo.sys
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A54C1F8
Device \Driver\usbohci \Device\USBPDO-0 8A2EA1F8
Device \Driver\usbohci \Device\USBPDO-1 8A2EA1F8
Device \Driver\usbehci \Device\USBPDO-2 8A2D21F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5CE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5CE1F8
Device \Driver\Cdrom \Device\CdRom0 8A2C51F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5CE1F8
Device \Driver\Cdrom \Device\CdRom1 8A2C51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0F7500
Device \Driver\NetBT \Device\NetbiosSmb 8A0F7500
Device \Driver\NetBT \Device\NetBT_Tcpip_{DD4EFEE3-EEC2-40D5-B700-FD04B5B3954D} 8A0F7500
Device \Driver\usbohci \Device\USBFDO-0 8A2EA1F8
Device \Driver\usbohci \Device\USBFDO-1 8A2EA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A0F0500
Device \Driver\usbehci \Device\USBFDO-2 8A2D21F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A0F0500
Device \Driver\Ftdisk \Device\FtControl 8A5CE1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A54E1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port6Path0Target0Lun0 8A54E1F8
Device \FileSystem\Fastfat \Fat 8A0F6500
Device \FileSystem\Fastfat \Fat B1DE8297
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 89F14500
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x8E 0xEE 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x8E 0xEE 0x0C ...
---- EOF - GMER 1.0.14 ----