GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-04 18:10:32
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05 74,53GB
Running: 72hme89n.exe; Driver: C:\DOCUME~1\zerko\USTAWI~1\Temp\kwadipob.sys

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose [0xBAD606B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey [0xBAD60574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey [0xBAD60A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDuplicateObject [0xBAD6014C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey [0xBAD6064E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenProcess [0xBAD6008C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenThread [0xBAD600F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey [0xBAD6076E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey [0xBAD6072E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey [0xBAD608AE]

---- Files - GMER 2.1 ----

File C:\Documents and Settings\zerko\Ustawienia lokalne\Temp\{B4F41A64-6C28-4EC3-8DC5-F2E88193F6C2}-31.0.1650.63_chrome_installer.exe (size mismatch) 2692009/2684749 bytes executable
File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temp\{F31988E6-AB76-4BB3-A616-E3DE68B32C2C}-30.0.1599.101_chrome_installer.exe (size mismatch) 2970793/2959177 bytes executable

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- EOF - GMER 2.1 ----