Anonim / 8 lat, 1 miesiąc temu | Download | Plaintext | Odpowiedz |

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-17 14:52:38
Windows 5.1.2600 Dodatek Service Pack 2
Running: xwm1y6ro.exe; Driver: C:\DOCUME~1\Boron\USTAWI~1\Temp\kwtyapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwClose [0xB71606B8]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwConnectPort [0xB7309040]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreateFile [0xB7305930]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwCreateKey [0xBA6CE514]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreatePort [0xB7309510]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreateProcess [0xB730F870]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreateProcessEx [0xB730FAA0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreateSection [0xB7312FD0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwCreateWaitablePort [0xB7309600]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwDeleteFile [0xB7305F20]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwDeleteKey [0xBA6CED00]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwDeleteValueKey [0xBA6CEFB8]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwDuplicateObject [0xB730F580]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwLoadKey [0xB73118B0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwOpenFile [0xB7305D70]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwOpenKey [0xBA6CD3FA]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwOpenProcess [0xB730F350]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwOpenThread [0xB730F150]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwQueryValueKey [0xB716076E]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwRenameKey [0xBA6CF422]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwReplaceKey [0xB7311CB0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwRequestWaitReplyPort [0xB7308C00]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwRestoreKey [0xB716072E]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwSecureConnectPort [0xB7309220]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwSetInformationFile [0xB7306120]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                               ZwSetValueKey [0xBA6CE7D8]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                   ZwTerminateProcess [0xB730FCD0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2BED                                                                          805037ED 11 Bytes  [95, 30, B7, 70, F8, 30, B7, ...]
?               srescan.sys                                                                                                   Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[1540] SHELL32.dll!SHFileOperationW                                                    7CA6D1B9 5 Bytes  JMP 10001102 C:\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                      [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                           [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                          [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                    [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                      [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                        [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                             [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                            [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                       [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                           [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                            [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                     [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                             [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                         [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                              [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                      [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                        [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                             [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                            [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                           [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                            [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                     [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                       [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                       [B730DCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                     [B730DE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                           [B730E320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                            [B730E1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003C0002
IAT             C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        003C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device          \Driver\Tcpip \Device\Ip                                                                                      vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\Tcpip \Device\Tcp                                                                                     vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\Tcpip \Device\Udp                                                                                     vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\Tcpip \Device\RawIp                                                                                   vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\Tcpip \Device\IPMULTICAST                                                                             vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- EOF - GMER 1.0.15 ----