GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-06-12 13:34:02 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.10 ---- SSDT SSI.SYS ZwCreateKey SSDT SSI.SYS ZwCreateProcess SSDT SSI.SYS ZwCreateProcessEx SSDT SSI.SYS ZwDeleteKey SSDT SSI.SYS ZwDeleteValueKey SSDT SSI.SYS ZwRenameKey SSDT SSI.SYS ZwSetInformationKey SSDT SSI.SYS ZwSetValueKey ---- Devices - GMER 1.0.10 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [F838520C] SSI.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP_POWER [F838520C] SSI.SYS Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE A8E54C8A ---- EOF - GMER 1.0.10 ----