TomSky

Users
  • Posts

    2
  • Joined

  • Last visit

  1. I am in the middle of making the GMER log, but I'll ask right away about one more thing: on this computer I have 2 systems installed, WIN7 and XP; I mainly use 7 and that's most likely where I caught something. Should I attach the logs from XP as well anyway?? I have the GMER log:

     GMER 1.0.15.15530 - http://www.gmer.net
     Rootkit scan 2010-12-08 14:35:08
     Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000063 ST325041 rev.3.AA
     Running: zjsw8k0f.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwryykog.sys

     ---- Kernel code sections - GMER 1.0.15 ----

     .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E549A9 1 Byte [06]
     .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8E212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
     PAGE peauth.sys 9B29B02C 102 Bytes JMP 3D1CF0D5

     ---- User code sections - GMER 1.0.15 ----

     .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[420] kernel32.dll!SetUnhandledExceptionFilter 75513162 4 Bytes [C2, 04, 00, 00]
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!CharToOemA + 3A 75BFB1DE 7 Bytes JMP 0011FDF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!PostMessageW + 2CE 75C064F3 7 Bytes JMP 0011FCA0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!SetDlgItemTextA + 25 75C18FF6 7 Bytes JMP 0011FDD0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxIndirectA + F5 75C4E9BE 7 Bytes JMP 0011FE40 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxIndirectW + 61 75C4EA24 7 Bytes JMP 0011FF10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
     .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxExA + 1F 75C4EA48 7 Bytes JMP 0011FEC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 snapman.sys (Acronis Snapshot API/Acronis)
     Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 snapman.sys (Acronis Snapshot API/Acronis)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
     AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 snapman.sys (Acronis Snapshot API/Acronis)

     ---- EOF - GMER 1.0.15 ----

     Additionally, a log from ComboFix: ComboFix-quarantined-files.txt
  2. Hello, I was informed that my computer is sending spam from my work mailbox. OTL logs are attached. The IT technician told me to scan the computer with ComboFix... log attached: Extras.Txt OTL.Txt ComboFix.txt