August 13th, 2010, 12:27 PM
#5
GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-13 10:52:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7435112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF74142D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF74144C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7435900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7435BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7433E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7436020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF74353D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7413F44]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB976D360, 0x37388D, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device InCDFs.sys (InCD File System Driver/Nero AG)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}?Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A122DA11-F4F8-4774-8922-32B095AE62DE}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A122DA11-F4F8-4774-8922-32B095AE62DE}@IpConfig Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}@IpConfig Tcpip\Parameters\Interfaces\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\NdisWanIp@MTU 1500
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@NTEContextList 0x00000003?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@MTU 1500
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}?Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{A122DA11-F4F8-4774-8922-32B095AE62DE}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{A122DA11-F4F8-4774-8922-32B095AE62DE}@IpConfig Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}@IpConfig Tcpip\Parameters\Interfaces\{E03C9759-E2E0-441E-8BAD-DA6263030D9E}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\NdisWanIp@MTU 1500
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{17DD5775-0517-43D8-8E25-FF3C933273B1}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{772FD57A-29FF-4648-ACF3-4950BCDC555D}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@NTEContextList 0x00000003?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A122DA11-F4F8-4774-8922-32B095AE62DE}@MTU 1500
---- EOF - GMER 1.0.15 ----