GMER log to be turned into an Avenger script


Post by mushroom666 » Tue Feb 28, 2012 8:20 pm

Hi everyone, I can't figure out how to create the Avenger script from a GMER log. This is the log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 20:17:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDT725025VLA380 rev.V5DOA7EA
Running: gmer.exe; Driver: C:\DOCUME~1\Utente\IMPOST~1\Temp\fwloypob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + 6 7C91D096 4 Bytes [28, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + B 7C91D09B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + 6 7C91D506 1 Byte [28]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + 6 7C91D506 4 Bytes [28, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + B 7C91D50B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenFile + 6 7C91D586 4 Bytes [68, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenFile + B 7C91D58B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcess + 6 7C91D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcess + B 7C91D5EB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessToken + 6 7C91D5F6 4 Bytes CALL 7B91ECFC
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessToken + B 7C91D5FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D606 4 Bytes [A8, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessTokenEx + B 7C91D60B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThread + 6 7C91D646 4 Bytes [68, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThread + B 7C91D64B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadToken + 6 7C91D656 4 Bytes [68, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadToken + B 7C91D65B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D666 4 Bytes CALL 7B91ED6D
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadTokenEx + B 7C91D66B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryAttributesFile + 6 7C91D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryAttributesFile + B 7C91D6FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D796 4 Bytes CALL 7B91EE9B
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryFullAttributesFile + B 7C91D79B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationFile + 6 7C91DC46 4 Bytes [28, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationFile + B 7C91DC4B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationThread + 6 7C91DC96 4 Bytes [28, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationThread + B 7C91DC9B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 1 Byte [68]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtUnmapViewOfSection + B 7C91DEFB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtCreateFile + 6 7C91D096 4 Bytes [28, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtCreateFile + B 7C91D09B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtMapViewOfSection + 6 7C91D506 1 Byte [28]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtMapViewOfSection + 6 7C91D506 4 Bytes [28, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtMapViewOfSection + B 7C91D50B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenFile + 6 7C91D586 4 Bytes [68, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenFile + B 7C91D58B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcess + 6 7C91D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcess + B 7C91D5EB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcessToken + 6 7C91D5F6 4 Bytes CALL 7B91ECFC
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcessToken + B 7C91D5FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D606 4 Bytes [A8, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcessTokenEx + B 7C91D60B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThread + 6 7C91D646 4 Bytes [68, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThread + B 7C91D64B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThreadToken + 6 7C91D656 4 Bytes [68, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThreadToken + B 7C91D65B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D666 4 Bytes CALL 7B91ED6D
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenThreadTokenEx + B 7C91D66B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtQueryAttributesFile + 6 7C91D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtQueryAttributesFile + B 7C91D6FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D796 4 Bytes CALL 7B91EE9B
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtQueryFullAttributesFile + B 7C91D79B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtSetInformationFile + 6 7C91DC46 4 Bytes [28, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtSetInformationFile + B 7C91DC4B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtSetInformationThread + 6 7C91DC96 4 Bytes [28, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtSetInformationThread + B 7C91DC9B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 1 Byte [68]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtUnmapViewOfSection + B 7C91DEFB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + 6 7C91D096 4 Bytes [28, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtCreateFile + B 7C91D09B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 7C91D506 1 Byte [28]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + 6 7C91D506 4 Bytes [28, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtMapViewOfSection + B 7C91D50B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + 6 7C91D586 4 Bytes [68, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenFile + B 7C91D58B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + 6 7C91D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcess + B 7C91D5EB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessToken + 6 7C91D5F6 4 Bytes CALL 7B91ECFC
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessToken + B 7C91D5FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D606 4 Bytes [A8, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenProcessTokenEx + B 7C91D60B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + 6 7C91D646 4 Bytes [68, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThread + B 7C91D64B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + 6 7C91D656 4 Bytes [68, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadToken + B 7C91D65B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D666 4 Bytes CALL 7B91ED6D
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtOpenThreadTokenEx + B 7C91D66B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + 6 7C91D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryAttributesFile + B 7C91D6FB 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D796 4 Bytes CALL 7B91EE9B
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtQueryFullAttributesFile + B 7C91D79B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + 6 7C91DC46 4 Bytes [28, 01, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationFile + B 7C91DC4B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + 6 7C91DC96 4 Bytes [28, 02, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtSetInformationThread + B 7C91DC9B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 1 Byte [68]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + 6 7C91DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[808] ntdll.dll!NtUnmapViewOfSection + B 7C91DEFB 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE8 0x09 0x35 0xB1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x69 0x1C 0xB0 0xA0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0x37 0x5E 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b0ab4d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xDE 0x71 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b0ab4d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0xDE 0x71 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programmi\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C29FB6FA-CC5E-034C-1994-DE0597D9B5F3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C29FB6FA-CC5E-034C-1994-DE0597D9B5F3}@paiahglncgmjmmbkepjfkolcmjfmkjlh 0x6A 0x61 0x6D 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C29FB6FA-CC5E-034C-1994-DE0597D9B5F3}@oaoofffdbiooioioodfjbkbdgcgnin 0x6A 0x61 0x6D 0x6E ...
Last edited by Andy94 on Tue Feb 28, 2012 8:39 pm, edited 1 time in total.
Reason: MEMO tag added
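An added example, not part of the thread and not code from GMER or Avenger: a small Python parser for the `.text` lines in the "User code sections" part of a GMER log like the one above, grouping the hooked functions by image and PID so you can see whether every process of an image carries the identical hook set (the pattern an application-level sandbox produces; Chrome's Windows sandbox intercepts ntdll calls in its child processes) or whether one process has hooks its siblings lack. The chrome.exe sample lines are copied from the log above; the app.exe lines, their PIDs and addresses are constructed only to exercise the "partial" branch. The result is a triage report for a human to read, not an Avenger script.

```python
import re
from collections import defaultdict
# Constructed sample in the GMER "User code sections" format: the chrome.exe lines are copied
# from the log in the thread, the app.exe lines are invented to exercise the "partial" branch.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + 6 7C91D096 4 Bytes [28, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + B 7C91D09B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessToken + 6 7C91D5F6 4 Bytes CALL 7B91ECFC
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtCreateFile + 6 7C91D096 4 Bytes [28, 00, 17, 00]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtCreateFile + B 7C91D09B 1 Byte [E2]
.text C:\Programmi\Google\Chrome\Application\chrome.exe[536] ntdll.dll!NtOpenProcessToken + 6 7C91D5F6 4 Bytes CALL 7B91ECFC
.text C:\Programmi\Esempio\app.exe[1204] kernel32.dll!CreateProcessW + 5 7C802332 5 Bytes JMP 00A10000
.text C:\Programmi\Esempio\app.exe[1300] kernel32.dll!CreateProcessW + 5 7C802332 5 Bytes JMP 00A10000
.text C:\Programmi\Esempio\app.exe[1300] user32.dll!SetWindowsHookExW + 5 7E37820F 5 Bytes JMP 00A10100
"""

# One hook line: .text <image path>[pid] <module>!<function> + <offset> <address> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+\+\s+(?P<off>[0-9A-F]+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<patch>.+)$",
    re.IGNORECASE,
)

def parse_hooks(text):
    """Return one dict per user-mode hook line; every other log line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"], h["n"] = int(h["pid"]), int(h["n"])
            hooks.append(h)
    return hooks

def triage(hooks):
    """Per image: process count, hooks shared by every process of that image ("common"),
    and hooks seen in only some of its processes ("partial", the ones to examine first)."""
    per_image = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        per_image[h["path"]][h["pid"]].add(f"{h['module']}!{h['func']}")
    report = {}
    for path, pids in per_image.items():
        sets = [frozenset(s) for s in pids.values()]
        common = frozenset.intersection(*sets)
        report[path] = {"processes": len(pids), "common": common,
                        "partial": frozenset.union(*sets) - common}
    return report
```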

Re: GMER log to be turned into an Avenger script

Post by crazy.cat » Tue Feb 28, 2012 8:40 pm

But does it show you any rootkit entries in red?

