Zostały mi skradzione hasła do gry online
GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 11:49:15
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: 6jkur7s6.exe; Driver: C:\DOCUME~1\asik\USTAWI~1\Temp\ffedqpob.sys
---- System - GMER 1.0.15 ----
SSDT spny.sys ZwCreateKey [0xF73870E0]
SSDT spny.sys ZwEnumerateKey [0xF73A5CA2]
SSDT spny.sys ZwEnumerateValueKey [0xF73A6030]
SSDT spny.sys ZwOpenKey [0xF73870C0]
SSDT spny.sys ZwQueryKey [0xF73A6108]
SSDT spny.sys ZwQueryValueKey [0xF73A5F88]
SSDT spny.sys ZwSetValueKey [0xF73A619A]
INT 0x62 ? 865D6BF8
INT 0x63 ? 86400BF8
INT 0x73 ? 86400BF8
INT 0x82 ? 865D6BF8
INT 0xA4 ? 86400BF8
INT 0xB4 ? 86400BF8
---- Kernel code sections - GMER 1.0.15 ----
? spny.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F6F3D62C 5 Bytes JMP 864001D8
.text afeyb1x0.SYS F6EEF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, …]
.text afeyb1x0.SYS F6EEF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, …]
.text afeyb1x0.SYS F6EEF3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text afeyb1x0.SYS F6EEF3C9 1 Byte [2E]
.text afeyb1x0.SYS F6EEF3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, …] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text …
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00452440 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 004524A0 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00452330 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 00452280 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!ShowScrollBar 7E37F2B3 5 Bytes JMP 00452400 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 004522C0 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 00452370 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 004522F0 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 004523B0 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\blueconnect\blueconnect.exe[3428] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 00452240 C:\Program Files\blueconnect\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7388040] spny.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738813C] spny.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73880BE] spny.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73887FC] spny.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73886D2] spny.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7398048] spny.sys
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\afeyb1x0.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 865D51F8
Device \Driver\USBSTOR \Device\0000009b 85BBB500
Device \Driver\USBSTOR \Device\0000009c 85BBB500
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\0000009d 85BBB500
Device \Driver\usbehci \Device\USBPDO-0 863EE1F8
Device \Driver\PCI_PNP1078 \Device\00000051 spny.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865681F8
Device \Driver\dmio \Device\DmControl\DmConfig 865681F8
Device \Driver\dmio \Device\DmControl\DmPnP 865681F8
Device \Driver\dmio \Device\DmControl\DmInfo 865681F8
Device \Driver\usbuhci \Device\USBPDO-1 863FF1F8
Device \Driver\usbuhci \Device\USBPDO-2 863FF1F8
Device \Driver\usbuhci \Device\USBPDO-3 863FF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A3AFC91-971E-4F55-A734-45E63DB0659B} 85BF31F8
Device \Driver\usbuhci \Device\USBPDO-4 863FF1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 865D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865D71F8
Device \Driver\Cdrom \Device\CdRom0 8626E1F8
Device \Driver\atapi \Device\Ide\IdePort0 865D61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 865D61F8
Device \Driver\atapi \Device\Ide\IdePort1 865D61F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C683921B-987B-4F1E-9C5A-B3145F46D7B5} 85BF31F8
Device \Driver\Cdrom \Device\CdRom1 8626E1F8
Device \Driver\Cdrom \Device\CdRom2 8626E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85BF31F8
Device \Driver\NetBT \Device\NetbiosSmb 85BF31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{337E72B6-9A44-47C3-B914-CDBEC994FB29} 85BF31F8
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\sptd \Device\2879367328 spny.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 863FF1F8
Device \Driver\usbuhci \Device\USBFDO-1 863FF1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85BE61F8
Device \Driver\usbuhci \Device\USBFDO-2 863FF1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85BE61F8
Device \Driver\usbuhci \Device\USBFDO-3 863FF1F8
Device \Driver\usbehci \Device\USBFDO-4 863EE1F8
Device \Driver\Ftdisk \Device\FtControl 865D71F8
Device \Driver\afeyb1x0 \Device\Scsi\afeyb1x01Port4Path0Target1Lun0 863831F8
Device \Driver\afeyb1x0 \Device\Scsi\afeyb1x01 863831F8
Device \Driver\afeyb1x0 \Device\Scsi\afeyb1x01Port4Path0Target0Lun0 863831F8
Device \Driver\USBSTOR \Device\0000009a 85BBB500
Device \FileSystem\Cdfs \Cdfs 8637A418
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xD5 0x5B 0xE6 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0x20 0x8B 0x40 …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0xE9 0x0B 0x8F …
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x7B 0x6B 0x6F 0xB3 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xD5 0x5B 0xE6 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0x20 0x8B 0x40 …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCF 0xE9 0x0B 0x8F …
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x7B 0x6B 0x6F 0xB3 …
---- EOF - GMER 1.0.15 ----