Re: Please check my RSIT log
Posted: 14 Apr 2010 21:08
So, here it is:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 22:08:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Lynx\LOCALS~1\Temp\uwlorpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\Lynx\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[148] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[372] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1700] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 351791
---- EOF - GMER 1.0.15 ----