Foro de Spyware - Ver Mensaje Individual - nuevo rootkit detectado en cada reinicio

Tema: nuevo rootkit detectado en cada reinicio

Ver Mensaje Individual

post #10 (permalink)

16/05/08, 17:15:32

patalete

Usuario

Registrado: dic 2006

Ubicación: Es

Mensajes: 13

Re: nuevo rootkit detectado en cada reinicio

...continuacion....

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8269261E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82691AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82692748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82691B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82691C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [826A729A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\ajt1fms4.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\ak7dyh3m.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74287BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742C98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7428D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7427F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74287599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7427E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742BB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7428D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7428012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74280095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742771F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7430D810] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742A75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7427DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7427668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742766BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74281E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f 3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8469C1E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \FileSystem\fastfat \FatCdrom 9014C790

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinámico/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dinámico/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 846961E8
Device \Driver\usbuhci \Device\USBPDO-0 8811B1E8
Device \Driver\usbuhci \Device\USBPDO-1 8811B1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{8473355A-6172-4C4C-B375-72331C962FE2} 9013C790
Device \Driver\usbehci \Device\USBPDO-2 87ED1790
Device \Driver\usbuhci \Device\USBPDO-3 8811B1E8
Device \Driver\usbuhci \Device\USBPDO-4 8811B1E8
Device \Driver\usbuhci \Device\USBPDO-5 8811B1E8
Device \Driver\usbehci \Device\USBPDO-6 87ED1790
Device \Driver\volmgr \Device\HarddiskVolume1 846961E8
Device \Driver\volmgr \Device\HarddiskVolume2 846961E8
Device \Driver\volmgr \Device\HarddiskVolume3 846961E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8469A1E8
Device \Driver\iaStor \Device\Ide\iaStor0 846981E8
Device \Driver\atapi \Device\Ide\IdePort0 8469A1E8
Device \Driver\iaNvStor \Device\Ide\IAACache0 846991E8
Device \Driver\atapi \Device\Ide\IdePort1 8469A1E8
Device \Driver\iaNvStor \Device\Ide\RobsonImd-0 846991E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 846981E8
Device \Driver\volmgr \Device\HarddiskVolume4 846961E8
Device \Driver\netbt \Device\NetBt_Wins_Export 9013C790
Device \Driver\PCI_NTPNP3568 \Device\0000005b sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 880E21E8
Device \Driver\PCI_NTPNP3568 \Device\0000005c sptd.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{B167B62A-ECF3-4C4D-86A9-059BCA05D750} 9013C790
Device \Driver\usbuhci \Device\USBFDO-0 8811B1E8
Device \Driver\usbuhci \Device\USBFDO-1 8811B1E8
Device \Driver\usbehci \Device\USBFDO-2 87ED1790
Device \Driver\usbuhci \Device\USBFDO-3 8811B1E8
Device \Driver\usbuhci \Device\USBFDO-4 8811B1E8
Device \Driver\usbuhci \Device\USBFDO-5 8811B1E8
Device \Driver\usbehci \Device\USBFDO-6 87ED1790
Device \Driver\ajt1fms4 \Device\Scsi\ajt1fms41 880971E8
Device \Driver\ak7dyh3m \Device\Scsi\ak7dyh3m1 880D51E8
Device \FileSystem\fastfat \Fat 9014C790

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Administrador de filtros del sistema de archivos de Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat amon.sys (Amon monitor/Eset )