ark.log

a guest
Dec 13th, 2011
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 11:31:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC2O
Running: e0miri9d.exe; Driver: E:\DOCUME~1\mzhang\LOCALS~1\Temp\pftdrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

? E:\DOCUME~1\mzhang\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text E:\Program Files\Mozilla Firefox\firefox.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C0000A
.text E:\Program Files\Mozilla Firefox\firefox.exe[604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02C1000A
.text E:\Program Files\Mozilla Firefox\firefox.exe[604] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 029F000C
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A5000A
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A6000A
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F000A
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091000A
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
.text E:\WINDOWS\System32\ping.exe[728] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006E000C
.text E:\WINDOWS\System32\ping.exe[728] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A9000A
.text E:\WINDOWS\System32\ping.exe[728] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00AA000A
.text E:\WINDOWS\System32\ping.exe[728] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00AB000A
.text E:\WINDOWS\System32\ping.exe[728] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00A8000A
.text E:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01FF000A
.text E:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0200000A
.text E:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01FE000C
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[1856] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106ACCFA E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[1856] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106ACC8C E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[1856] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E78C E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text E:\Program Files\Mozilla Firefox\plugin-container.exe[1856] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045ED49 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 9C58B000-9C5A1000 (90112 bytes)

---- Files - GMER 1.0.15 ----

File E:\clean\log\2011-07-05__22:11boot-repair56\2011-07-05__22:11.boot-repair.log.tee 10007 bytes
File E:\clean\log\2011-07-05__22:11boot-repair56\608CBAC28CBA9250 4 bytes
File E:\clean\log\2011-07-05__22:11boot-repair56\sda 0 bytes
File E:\clean\log\2011-07-05__22:11boot-repair56\sda\current_mbr.img 1048576 bytes
File E:\clean\log\2011-07-05__22:11boot-repair56\sda\mbr_before_reinstalling_grub.img 1048576 bytes
File E:\WINDOWS\$NtUninstallKB14528$\1388125074 0 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179 0 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\bckfg.tmp 850 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\cfg.ini 208 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\Desktop.ini 4608 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\keywords 151 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\kwrd.dll 223744 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\L 0 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\L\qjoiokwu 75264 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\lsflt7.ver 5176 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U 0 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\00000001.@ 2048 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\00000002.@ 224768 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\00000004.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\80000000.@ 1024 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\80000004.@ 12800 bytes
File E:\WINDOWS\$NtUninstallKB14528$\2764807179\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----