GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 06:36:07
Windows 5.1.2600 Service Pack 2
Running: 5zxg6tuj.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\TEMP_~1\kxnoqkod.sys
---- System - GMER 1.0.15 ----
SSDT 851C2580 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAE536CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAE536BAC]
SSDT F7D083F4 ZwCreateThread
SSDT 851C3100 ZwDebugActiveProcess
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAE537160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAE53708A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAE536782]
SSDT spiz.sys ZwEnumerateKey [0xF73F9DA4]
SSDT spiz.sys ZwEnumerateValueKey [0xF73FA132]
SSDT F7D08412 ZwLoadKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAE536C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAE5366C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAE536726]
SSDT 851C29C0 ZwProtectVirtualMemory
SSDT spiz.sys ZwQueryKey [0xF73FA20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAE536DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAE53722E]
SSDT F7D0841C ZwReplaceKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAE536D66]
SSDT 851C2860 ZwSetContextThread
SSDT 851C26E0 ZwSetInformationThread
SSDT 851BF700 ZwSetSecurityObject
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAE536EE6]
SSDT 851C2420 ZwSuspendProcess
SSDT 851C22C0 ZwSuspendThread
SSDT 851C1E50 ZwTerminateProcess
SSDT 851C2150 ZwTerminateThread
SSDT 851C2F50 ZwWriteVirtualMemory
INT 0x62 ? 867D9BF8
INT 0x63 ? 8658FBF8
INT 0x73 ? 867D9BF8
INT 0x73 ? 867D9BF8
INT 0x73 ? 867D9BF8
INT 0x83 ? 867D9BF8
INT 0x83 ? 867D9BF8
INT 0x83 ? 867D9BF8
INT 0xB4 ? 8658FBF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAE543BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAE5439D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAE543B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8057866C 7 Bytes JMP AE543B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F56A 7 Bytes JMP AE5439D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B0A76 5 Bytes JMP AE53F5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7764 5 Bytes JMP AE540FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5F68 7 Bytes JMP AE543BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spiz.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload F712162C 5 Bytes JMP 8658F1D8
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF76B5A0C]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6C81000, 0x1C5D38, 0xE8000020]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F6BE74F0 48 Bytes [4B, 52, 62, 34, 6C, B0, 4E, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAB3C3F00, 0x24000, 0x48000000]
---- User code sections - GMER 1.0.15 ----
.text E:\Program Files\Alwil Software\Avast5\AvastSvc.exe[792] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2108] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]
.text E:\Program Files\OO Software\Defrag\oodag.exe[2612] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 00402FB0 E:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73DC042] spiz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73DC13E] spiz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73DC0C0] spiz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73DC800] spiz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73DC6D6] spiz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73EBE9C] spiz.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1312] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1312] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 867D81F8
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 84F991F8
Device \FileSystem\Udfs \UdfsCdRom 852401F8
Device \FileSystem\Udfs \UdfsDisk 852401F8
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbohci \Device\USBPDO-0 865BD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676C1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676C1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676C1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676C1F8
Device \Driver\usbehci \Device\USBPDO-1 865BC1F8
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\prodrv06 \Device\ProDrv06 E1E26828
Device \Driver\Ftdisk \Device\HarddiskVolume1 867DA1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\Ftdisk \Device\HarddiskVolume2 867DA1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\Cdrom \Device\CdRom0 865381F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867DA1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\Cdrom \Device\CdRom1 865381F8
Device \Driver\atapi \Device\Ide\IdePort0 867D91F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 867D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 867D91F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 867D91F8
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 867D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 867D91F8
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 867D91F8
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 867D91F8
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 E100CF80
Device \Driver\NetBT \Device\NetBt_Wins_Export 852911F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C3288CDE-FC23-492C-86C8-720B27DE9160} 852911F8
Device \Driver\NetBT \Device\NetbiosSmb 852911F8
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\PCI_PNP9602 \Device\0000005e spiz.sys
Device \Driver\PCI_PNP9602 \Device\0000005e spiz.sys
Device \Driver\usbohci \Device\USBFDO-0 865BD1F8
Device \Driver\usbehci \Device\USBFDO-1 865BC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 851341F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 851341F8
Device \Driver\Ftdisk \Device\FtControl 867DA1F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port6Path0Target0Lun0 863C31F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port6Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\dtscsi \Device\Scsi\dtscsi1 863C31F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 84F991F8
AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Cdfs \Cdfs 850D21F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 305992704
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 719604787
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Hry\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x19 0x4B 0x6D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x9B 0xFD 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x38 0x1D 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Hry\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x19 0x4B 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x9B 0xFD 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x38 0x1D 0x94 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
---- EOF - GMER 1.0.15 ----
Is there a virus in this? I suspect something is not right.
gmer
- shiro
- Advanced user
- Posts: 8731
- Registered: Thu 21 Dec 2006, 02:00
- Location: Banska Bystrica
Re: gmer
And why do you think something is not OK?
- shiro
- Advanced user
- Posts: 8731
- Registered: Thu 21 Dec 2006, 02:00
- Location: Banska Bystrica
Re: gmer
Nothing strange; who knows where you browse and what you click on. It gets there from somewhere. If you had some trojan, NOD would alert you. Scan it again with mbam and possibly superantispyware, and clean it.