  1. GMER 1.0.15.15281 - http://www.gmer.net
  2. Rootkit scan 2010-02-18 11:24:12
  3. Windows 5.1.2600 Dodatek Service Pack 3
  4. Running: qfeld61r.exe; Driver: C:\DOCUME~1\Raven\USTAWI~1\Temp\kwnyyfow.sys
  5.  
  6.  
  7. ---- System - GMER 1.0.15 ----
  8.  
  9. SSDT spov.sys ZwCreateKey [0xB7EA80E0]
  10. SSDT spov.sys ZwEnumerateKey [0xB7EC6CA2]
  11. SSDT spov.sys ZwEnumerateValueKey [0xB7EC7030]
  12. SSDT spov.sys ZwOpenKey [0xB7EA80C0]
  13. SSDT spov.sys ZwQueryKey [0xB7EC7108]
  14. SSDT spov.sys ZwQueryValueKey [0xB7EC6F88]
  15. SSDT spov.sys ZwSetValueKey [0xB7EC719A]
  16.  
  17. INT 0x62 ? 8A708BF8
  18. INT 0x63 ? 8A708BF8
  19. INT 0x63 ? 8A708BF8
  20. INT 0x63 ? 8A32EBF8
  21. INT 0x83 ? 8A708BF8
  22. INT 0x83 ? 8A708BF8
  23. INT 0x83 ? 8A32EBF8
  24. INT 0x83 ? 8A708BF8
  25. INT 0x84 ? 8A32EBF8
  26. INT 0xA4 ? 8A32EBF8
  27. INT 0xA4 ? 8A32EBF8
  28. INT 0xA4 ? 8A32EBF8
  29. INT 0xA4 ? 8A32EBF8
  30. INT 0xB4 ? 8A32EBF8
  31.  
  32. ---- Kernel code sections - GMER 1.0.15 ----
  33.  
  34. ? spov.sys Nie można odnaleźć określonego pliku. !
  35. .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E1F360, 0x3D46A5, 0xE8000020]
  36. .text USBPORT.SYS!DllUnload B6C7C8AC 5 Bytes JMP 8A32E1D8
  37. .text az293g63.SYS B6B43386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
  38. .text az293g63.SYS B6B433AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
  39. .text az293g63.SYS B6B433C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
  40. .text az293g63.SYS B6B433C9 1 Byte [2E]
  41. .text az293g63.SYS B6B433C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
  42. .text ...
  43. .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3404300, 0x3B6D8, 0xE8000020]
  44. .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8398300, 0x1BEE, 0xE8000020]
  45.  
  46. ---- User code sections - GMER 1.0.15 ----
  47.  
  48. .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
  49.  
  50. ---- Kernel IAT/EAT - GMER 1.0.15 ----
  51.  
  52. IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA9040] spov.sys
  53. IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA913C] spov.sys
  54. IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA90BE] spov.sys
  55. IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA97FC] spov.sys
  56. IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA96D2] spov.sys
  57. IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB9048] spov.sys
  58. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
  59. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
  60. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KeGetCurrentIrql] CB033043
  61. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KfRaiseIrql] 0673C13B
  62. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KfLowerIrql] C13B0003
  63. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
  64. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
  65. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
  66. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
  67. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
  68. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!READ_PORT_USHORT] 83660000
  69. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
  70. IAT \SystemRoot\System32\Drivers\az293g63.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
  71. IAT \SystemRoot\System32\Drivers\az293g63.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
  72. IAT \SystemRoot\System32\Drivers\az293g63.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
  73.  
  74. ---- Devices - GMER 1.0.15 ----
  75.  
  76. Device \FileSystem\Ntfs \Ntfs 8A6971F8
  77.  
  78. AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
  79.  
  80. Device \FileSystem\Udfs \UdfsCdRom 89A73500
  81. Device \FileSystem\Udfs \UdfsDisk 89A73500
  82. Device \Driver\usbuhci \Device\USBPDO-0 8A45C1F8
  83. Device \Driver\PCI_PNP6450 \Device\00000051 spov.sys
  84. Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6991F8
  85. Device \Driver\dmio \Device\DmControl\DmConfig 8A6991F8
  86. Device \Driver\dmio \Device\DmControl\DmPnP 8A6991F8
  87. Device \Driver\dmio \Device\DmControl\DmInfo 8A6991F8
  88. Device \Driver\usbuhci \Device\USBPDO-1 8A45C1F8
  89. Device \Driver\usbuhci \Device\USBPDO-2 8A45C1F8
  90. Device \Driver\usbehci \Device\USBPDO-3 8A4501F8
  91. Device \Driver\usbuhci \Device\USBPDO-4 8A45C1F8
  92.  
  93. AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
  94.  
  95. Device \Driver\usbuhci \Device\USBPDO-5 8A45C1F8
  96. Device \Driver\NetBT \Device\NetBT_Tcpip_{33E9807A-512A-4204-B7CD-5E890D495CFD} 8A134500
  97. Device \Driver\usbuhci \Device\USBPDO-6 8A45C1F8
  98. Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7091F8
  99. Device \Driver\usbehci \Device\USBPDO-7 8A4501F8
  100. Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7091F8
  101. Device \Driver\Cdrom \Device\CdRom0 8A44C1F8
  102. Device \Driver\Cdrom \Device\CdRom1 8A44C1F8
  103. Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  104. Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  105. Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  106. Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  107. Device \Driver\atapi \Device\Ide\IdePort2 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  108. Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  109. Device \Driver\atapi \Device\Ide\IdePort3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  110. Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  111. Device \Driver\atapi \Device\Ide\IdePort4 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  112. Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  113. Device \Driver\atapi \Device\Ide\IdePort5 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  114. Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  115. Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  116. Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  117. Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
  118. Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  119. Device \Driver\sptd \Device\4067440200 spov.sys
  120. Device \Driver\NetBT \Device\NetBt_Wins_Export 8A134500
  121. Device \Driver\NetBT \Device\NetbiosSmb 8A134500
  122. Device \Driver\usbuhci \Device\USBFDO-0 8A45C1F8
  123. Device \Driver\usbuhci \Device\USBFDO-1 8A45C1F8
  124. Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A19B500
  125. Device \Driver\usbuhci \Device\USBFDO-2 8A45C1F8
  126. Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A19B500
  127. Device \Driver\usbehci \Device\USBFDO-3 8A4501F8
  128. Device \Driver\usbuhci \Device\USBFDO-4 8A45C1F8
  129. Device \Driver\Ftdisk \Device\FtControl 8A7091F8
  130. Device \Driver\usbuhci \Device\USBFDO-5 8A45C1F8
  131. Device \Driver\usbuhci \Device\USBFDO-6 8A45C1F8
  132. Device \Driver\usbehci \Device\USBFDO-7 8A4501F8
  133. Device \Driver\az293g63 \Device\Scsi\az293g631Port6Path0Target0Lun0 8A2DA1F8
  134. Device \Driver\az293g63 \Device\Scsi\az293g631Port6Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  135. Device \Driver\az293g63 \Device\Scsi\az293g631 8A2DA1F8
  136. Device \Driver\az293g63 \Device\Scsi\az293g631 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
  137. Device \FileSystem\Cdfs \Cdfs 8A214500
  138.  
  139. ---- Registry - GMER 1.0.15 ----
  140.  
  141. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
  142. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
  143. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
  144. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
  145. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
  146. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
  147. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xFF 0x9E 0x5B ...
  148. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
  149. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
  150. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x32 0xA6 0xEC ...
  151. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
  152. Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x9F 0x5A 0xDA ...
  153. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
  154. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
  155. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
  156. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xFF 0x9E 0x5B ...
  157. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
  158. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
  159. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x32 0xA6 0xEC ...
  160. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
  161. Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x9F 0x5A 0xDA ...
  162.  
  163. ---- EOF - GMER 1.0.15 ----
  164.  