GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-02 16:58:53
Windows 5.1.2600 Service Pack 3
Running: u6ykvgps.exe; Driver: C:\DOKUME~1\Martin\LOKALE~1\Temp\uwaorkod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEF1B236E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xEF1B2A86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xEF1B360C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xEF1B3B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xEF1B2D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xEF1B1460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xEF1B3A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xEF1B0D0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xEF1B38D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xEF1B2102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xEF1B3C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEF1B540E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xEF1B2886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xEF1B3976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xEF1B1A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xEF1B1CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xEF1B321C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xEF1B5980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEF1B1E3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEF1B1EE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xEF1B3016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xEF1B4EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xEF1B143C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xEF1B144E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xEF1B2030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xEF1B3BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xEF1B2B08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xEF1B1604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xEF1B3AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xEF1B256E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xEF1B5438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xEF1B3D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xEF1B2492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xEF1B1F8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xEF1B1BB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xEF1B18BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xEF1B5128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xEF1B1B34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xEF1B10C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xEF1B409E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xEF1B3F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xEF1B4C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xEF1B1224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xEF1B5860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xEF1B0EC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xEF1B3312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xEF1B2984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xEF1B45F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xEF1B4FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xEF1B54C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xEF1B1744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xEF1B55A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xEF1B56D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xEF1B4DD2]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF0530B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xEF1B263C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xEF1B27C8]

INT 0x3B ? 82BDEF00
INT 0x3B ? 82BDEF00
INT 0x3B ? 82BDEF00
INT 0x3B ? 82BDEF00
INT 0x3E ? 82F89BF8
INT 0x3F ? 82F89BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 114 804E2770 16 Bytes [02, 21, 1B, EF, 72, 3C, 1B, ...] {ADD AH, [ECX]; SBB EBP, EDI; JB 0x42; SBB EBP, EDI; PUSH CS; PUSH ESP; SBB EBP, EDI; XCHG [EAX], CH; SBB EBP, EDI}
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [A6, 4E, 1B, EF, 3C, 14, 1B, ...] {CMPSB ; DEC ESI; SBB EBP, EDI; CMP AL, 0x14; SBB EBP, EDI; DEC ESI; ADC AL, 0x1b; OUT DX, EAX}
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29A8 16 Bytes [34, 1B, 1B, EF, C2, 10, 1B, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [A6, 55, 1B, EF, D2, 56, 1B, ...] {CMPSB ; PUSH EBP; SBB EBP, EDI; RCL BYTE [ESI+0x1b], CL; OUT DX, EAX; ROR BYTE [EBP+0x1b], CL; OUT DX, EAX}
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 7 Bytes [30, 05, EF, 3C, 26, 1B, EF] {XOR [0x1b263cef], AL; OUT DX, EAX}
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EF1A77DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EF1A7424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
? spxv.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F74B88AC 5 Bytes JMP 82BDE4E0
.text a1kxy5mn.SYS F73AF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a1kxy5mn.SYS F73AF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1kxy5mn.SYS F73AF3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a1kxy5mn.SYS F73AF3C9 1 Byte [30]
.text a1kxy5mn.SYS F73AF3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? system32\drivers\Wbutton.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\Hotkey.SYS Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1000] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1000] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1000] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [70, 11, 32, 6D]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1740] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1740] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1740] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [70, 11, 32, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F8E5E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F873ADDC] spxv.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F873AE30] spxv.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8710042] spxv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F871013E] spxv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F87100C0] spxv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8710800] spxv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F87106D6] spxv.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82BDE5E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F871FB90] spxv.sys
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a1kxy5mn.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F804C820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F804C820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\irda.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] [F804C6D0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F871F8
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wnet_x86]/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 82BED500
Device \Driver\usbuhci \Device\USBPDO-1 82BED500
Device \Driver\usbuhci \Device\USBPDO-2 82BED500
Device \Driver\usbehci \Device\USBPDO-3 82BDD500
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82F8A1F8
Device \Driver\Cdrom \Device\CdRom0 82C17500
Device \Driver\Cdrom \Device\CdRom1 82C17500
Device \Driver\atapi \Device\Ide\IdePort0 [F866AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F866AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F866AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F866AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8281E1F8
Device \Driver\sptd \Device\1123241296 spxv.sys
Device \Driver\NetBT \Device\NetbiosSmb 8281E1F8
Device \Driver\PCI_PNP8560 \Device\0000004e spxv.sys
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7F0B36A3-2C9B-4555-B99C-B77809E21694} 8281E1F8
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\usbuhci \Device\USBFDO-0 82BED500
Device \Driver\usbuhci \Device\USBFDO-1 82BED500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 828161F8
Device \Driver\usbuhci \Device\USBFDO-2 82BED500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 828161F8
Device \Driver\usbehci \Device\USBFDO-3 82BDD500
Device \Driver\Ftdisk \Device\FtControl 82F8A1F8
Device \Driver\a1kxy5mn \Device\Scsi\a1kxy5mn1Port2Path0Target0Lun0 82C541F8
Device \Driver\a1kxy5mn \Device\Scsi\a1kxy5mn1 82C541F8
Device \FileSystem\Cdfs \Cdfs 8280C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD9 0xC6 0xA9 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x09 0x80 0x70 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x2E 0xAB 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD9 0xC6 0xA9 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x09 0x80 0x70 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0x2E 0xAB 0x8B ...

---- EOF - GMER 1.0.15 ----