mavro
Posted September 21, 2008

Could someone explain to me what all of this means? Is there anything alarming? Here is the file from the scan.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-21 19:08:25
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB2E60618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB2E604D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB2E609B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB2E600AC]
SSDT sptd.sys ZwEnumerateKey [0xF8431FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8432340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB2E605AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB2E5FFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB2E60050]
SSDT sptd.sys ZwQueryKey [0xF8432418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB2E606CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB2E6068E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB2E6080E]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F801162C 5 Bytes JMP 81F721C8
? System32\Drivers\aeadz6yl.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F844306C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8443018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84659AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844306C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842CAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842CC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842CB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842D748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842D61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F844229A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03822EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03822C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [03822C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03822C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[948] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Documents and Settings\mavro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\mavro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\mavro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\mavro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [021C2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [021C2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [021C2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [021C2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\INSTALL\gmer\gmer.exe[2256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\INSTALL\gmer\gmer.exe[2256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\INSTALL\gmer\gmer.exe[2256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\INSTALL\gmer\gmer.exe[2256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk\PDEngine.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk\PDEngine.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk\PDEngine.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk\PDEngine.exe[3528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003A2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\uTorrent\uTorrent.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823661E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-0 8202A1E8
Device \Driver\usbuhci \Device\USBPDO-1 8202A1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo 823681E8
Device \Driver\usbuhci \Device\USBPDO-2 8202A1E8
Device \Driver\usbuhci \Device\USBPDO-3 8202A1E8
Device \Driver\PCI_NTPNP0336 \Device\00000048 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 81F3E1E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823D81E8
Device \Driver\Cdrom \Device\CdRom0 8202D1E8
Device \Driver\atapi \Device\Ide\IdePort0 823D71E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823D71E8
Device \Driver\atapi \Device\Ide\IdePort1 823D71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81CDB790
Device \Driver\NetBT \Device\NetbiosSmb 81CDB790
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 8202A1E8
Device \Driver\usbuhci \Device\USBFDO-1 8202A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5E915578-F040-4A68-9703-4F121C30330D} 81CDB790
Device \Driver\usbuhci \Device\USBFDO-2 8202A1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81D13790
Device \Driver\usbuhci \Device\USBFDO-3 8202A1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81D13790
Device \Driver\Ftdisk \Device\FtControl 823D81E8
Device \Driver\usbehci \Device\USBFDO-4 81F3E1E8
Device \Driver\viamraid \Device\Scsi\viamraid1 823671E8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 823671E8
Device \Driver\aeadz6yl \Device\Scsi\aeadz6yl1 81F00790
Device \FileSystem\Cdfs \Cdfs 81E36468

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d2a2b2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x2C 0x80 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD9 0xD9 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x4D 0x89 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d2a2b2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x2C 0x80 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x32 0xD9 0xD9 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x09 0x4D 0x89 0xB2 ...

---- EOF - GMER 1.0.14 ----
mate
Posted September 21, 2008

Hi, everything is OK.
Night_Raven
Posted September 21, 2008

Generally, the alarming things will be marked in red in the GMER window. If you have nothing in red, then in all likelihood there are no problems.