Anonymous / 8 years, 2 months ago

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-14 13:34:26
Windows 6.0.6000 
Running: gmer.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\pxrdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDuplicateObject [0x8C7DA8AA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenProcess [0x8C7DA7C8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenThread [0x8C7DA83C]

INT 0x52        ?                                                                                                             83654BF8
INT 0x62        ?                                                                                                             83654BF8
INT 0x72        ?                                                                                                             83654BF8
INT 0x72        ?                                                                                                             83654BF8
INT 0x72        ?                                                                                                             8526EF00
INT 0x72        ?                                                                                                             83654BF8
INT 0x92        ?                                                                                                             8526EF00
INT 0xA3        ?                                                                                                             8526EF00
INT 0xB3        ?                                                                                                             8526EF00

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\spvn.sys                                                                                     System nie może odnaleźć określonej ścieżki. !
.text           USBPORT.SYS!DllUnload                                                                                         8BB43FEB 5 Bytes  JMP 8526E4E0 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                     [81B026D2] \SystemRoot\System32\Drivers\spvn.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                      [81B02040] \SystemRoot\System32\Drivers\spvn.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                              [81B027FC] \SystemRoot\System32\Drivers\spvn.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                     [81B020BE] \SystemRoot\System32\Drivers\spvn.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                               [81B0213C] \SystemRoot\System32\Drivers\spvn.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                            [81B12048] \SystemRoot\System32\Drivers\spvn.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00080002
IAT             C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00080000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                        844131F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{A0467CF5-3B05-4B09-8451-0E74703F33DE}                                      856431F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                          836561F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                              852701F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                              852701F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                              852701F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                              852701F8
Device          \Driver\USBSTOR \Device\00000060                                                                              856E61F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                              852741F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\volmgr \Device\HarddiskVolume1                                                                        836561F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                        836561F8
Device          \Driver\cdrom \Device\CdRom0                                                                                  844D71F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                        836561F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                   844121F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                            844121F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                            844121F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                            844121F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                            844121F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5                                                                   844121F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                        836561F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                        836561F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                        836561F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                        836561F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                       856431F8
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                        836561F8
Device          \Driver\volmgr \Device\HarddiskVolume9                                                                        836561F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                857BE1F8
Device          \Driver\USBSTOR \Device\0000005c                                                                              856E61F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                            853931F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \Driver\USBSTOR \Device\0000005d                                                                              856E61F8
Device          \Driver\USBSTOR \Device\0000005e                                                                              856E61F8
Device          \Driver\USBSTOR \Device\0000005f                                                                              856E61F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                              852701F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                              852701F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                              852701F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                              852701F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                              852741F8
Device          \FileSystem\cdfs \Cdfs                                                                                        85AE21F8
Device          \Driver\atapi -> \Driver\atapi \Device\Harddisk0\DR0                                                          844121F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                            771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                            285507792

---- EOF - GMER 1.0.15 ----