GMER 1.0.15.15020 [w9ixdst9.exe] - http://www.gmer.net
Rootkit scan 2009-08-09 15:16:38
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT  86E5F870  ZwAlertResumeThread
SSDT  86E5F950  ZwAlertThread
SSDT  86F408F0  ZwAllocateVirtualMemory
SSDT  86DA06F0  ZwAlpcConnectPort
SSDT  8760B8A8  ZwAssignProcessToJobObject
SSDT  86E5F5C0  ZwCreateMutant
SSDT  8760B5C8  ZwCreateSymbolicLinkObject
SSDT  86E6FA20  ZwCreateThread
SSDT  8760B988  ZwDebugActiveProcess
SSDT  86D89378  ZwDuplicateObject
SSDT  86F40710  ZwFreeVirtualMemory
SSDT  86E5F6B0  ZwImpersonateAnonymousToken
SSDT  86E5F790  ZwImpersonateThread
SSDT  86D923C8  ZwLoadDriver
SSDT  86F40610  ZwMapViewOfSection
SSDT  86E5F4E0  ZwOpenEvent
SSDT  86D89518  ZwOpenProcess
SSDT  86F409E0  ZwOpenProcessToken
SSDT  8760BBB0  ZwOpenSection
SSDT  86D89448  ZwOpenThread
SSDT  8760B7B8  ZwProtectVirtualMemory
SSDT  86D34790  ZwResumeThread
SSDT  86E5FBF0  ZwSetContextThread
SSDT  86E5FCF0  ZwSetInformationProcess
SSDT  8760BA68  ZwSetSystemInformation
SSDT  8760BC90  ZwSuspendProcess
SSDT  86E5FA30  ZwSuspendThread
SSDT  86D89630  ZwTerminateProcess
SSDT  86E5FB10  ZwTerminateThread
SSDT  86E5FDC0  ZwUnmapViewOfSection
SSDT  86F40800  ZwWriteVirtualMemory
SSDT  8760B6B8  ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetTimerEx + 350  81CC6964 8 Bytes  [70, F8, E5, 86, 50, F9, E5, ...] {JO 0xfffffffffffffffa; IN EAX, 0x86; PUSH EAX; STC ; IN EAX, 0x86}
.text  ntkrnlpa.exe!KeSetTimerEx + 364  81CC6978 4 Bytes  [F0, 08, F4, 86]
.text  ntkrnlpa.exe!KeSetTimerEx + 370  81CC6984 4 Bytes  [F0, 06, DA, 86]
.text  ntkrnlpa.exe!KeSetTimerEx + 3C4  81CC69D8 4 Bytes  [A8, B8, 60, 87]
.text  ntkrnlpa.exe!KeSetTimerEx + 428  81CC6A3C 4 Bytes  [C0, F5, E5, 86]
.text  ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00130002
IAT  C:\Windows\system32\services.exe[640] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]  00130000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp  SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\Udp  SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\RawIp  SYMTDI.SYS
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----