API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 4th, 2014
22
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.52 KB | None | 0 0
raw download clone embed print report
  1. GMER 2.1.19163 - http://www.gmer.net
  2. Rootkit scan 2014-01-04 18:10:32
  3. Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05 74,53GB
  4. Running: 72hme89n.exe; Driver: C:\DOCUME~1\zerko\USTAWI~1\Temp\kwadipob.sys
  5.  
  6.  
  7. ---- Devices - GMER 2.1 ----
  8.  
  9. AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS
  10. AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS
  11. AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS
  12. AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS
  13. AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
  14. AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS
  15. AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS
  16.  
  17. ---- System - GMER 2.1 ----
  18.  
  19. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose [0xBAD606B8]
  20. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey [0xBAD60574]
  21. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey [0xBAD60A52]
  22. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDuplicateObject [0xBAD6014C]
  23. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey [0xBAD6064E]
  24. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenProcess [0xBAD6008C]
  25. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenThread [0xBAD600F0]
  26. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey [0xBAD6076E]
  27. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey [0xBAD6072E]
  28. SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey [0xBAD608AE]
  29.  
  30. ---- Files - GMER 2.1 ----
  31.  
  32. File C:\Documents and Settings\zerko\Ustawienia lokalne\Temp\{B4F41A64-6C28-4EC3-8DC5-F2E88193F6C2}-31.0.1650.63_chrome_installer.exe (size mismatch) 2692009/2684749 bytes executable
  33. File C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temp\{F31988E6-AB76-4BB3-A616-E3DE68B32C2C}-30.0.1599.101_chrome_installer.exe (size mismatch) 2970793/2959177 bytes executable
  34.  
  35. ---- User IAT/EAT - GMER 2.1 ----
  36.  
  37. IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
  38. IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
  39.  
  40. ---- EOF - GMER 2.1 ----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!