
TomSky
Posts: 2
Joined: -
Last visit: -
Replies posted by TomSky
Hello,
I was told that my computer is sending spam from my work mailbox.
OTL logs attached.
The IT administrator told me to scan the computer with ComboFix... log attached.
Computer is sending spam
in Emergency Help
Posted
I am in the middle of making the GMER log, but I will ask about one more thing right away: on this computer I have 2 systems installed, WIN7 and XP; I mainly use 7 and it is probably there that I caught something. Should I attach the logs from XP as well anyway??
I have the GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-08 14:35:08
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000063 ST325041 rev.3.AA
Running: zjsw8k0f.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwryykog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E549A9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8E212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE peauth.sys 9B29B02C 102 Bytes JMP 3D1CF0D5
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[420] kernel32.dll!SetUnhandledExceptionFilter 75513162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!CharToOemA + 3A 75BFB1DE 7 Bytes JMP 0011FDF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!PostMessageW + 2CE 75C064F3 7 Bytes JMP 0011FCA0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!SetDlgItemTextA + 25 75C18FF6 7 Bytes JMP 0011FDD0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxIndirectA + F5 75C4E9BE 7 Bytes JMP 0011FE40 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxIndirectW + 61 75C4EA24 7 Bytes JMP 0011FF10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3064] USER32.dll!MessageBoxExA + 1F 75C4EA48 7 Bytes JMP 0011FEC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 snapman.sys (Acronis Snapshot API/Acronis)
---- EOF - GMER 1.0.15 ----
Additionally, the log from ComboFix:
ComboFix-quarantined-files.txt