GMER log:
================================================================
GMER 1.0.15.14972 -
GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-14 13:39:59
Windows 5.2.3790 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT 88A50FA0 ZwCreateKey
SSDT 88A504A0 ZwCreateProcess
SSDT 88A50760 ZwCreateProcessEx
SSDT 88A51C60 ZwCreateSection
SSDT 88A52140 ZwCreateThread
SSDT 88A51520 ZwDeleteKey
SSDT 88A517E0 ZwDeleteValueKey
SSDT 88A522E0 ZwLoadDriver
SSDT 88A50A20 ZwOpenProcess
SSDT 88A51E00 ZwOpenSection
SSDT 88A51260 ZwSetValueKey
SSDT 88A50CE0 ZwTerminateProcess
SSDT 88A51FA0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeQuerySystemTime + D9 8083E675 3 Bytes [0F, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + F0 8083E68C 8 Bytes [A0, 04, A5, 88, 60, 07, A5, ...]
.text ntoskrnl.exe!KeQuerySystemTime + FC 8083E698 4 Bytes [60, 1C, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + 108 8083E6A4 4 Bytes [40, 21, A5, 88]
.text ntoskrnl.exe!KeQuerySystemTime + 134 8083E6D0 4 Bytes [20, 15, A5, 88]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44FAD, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[2964] C:\WINDOWS\Explorer.EXE section is executable [0x01100000, 0x38E5, 0xE2000060]
.text C:\WINDOWS\Explorer.EXE[3716] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44FAD, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[3716] C:\WINDOWS\Explorer.EXE section is executable [0x01100000, 0x38E5, 0xE2000060]
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
---- EOF - GMER 1.0.15 ----
================================================================