Hi, I've started getting pop-up messages that say:
Hidden connection IP: 128.154.26.11
Target: Microsoft Corporation Keys
Is someone carrying out some kind of attack on me???
Should I unplug the network cable??
– Added 23.08.2010 (Mon) 14:13 –
Okay, I checked this IP address - it belongs to NASA
From what I've read, the program that displays this does it on purpose to get you to buy the full software; it's called My Security Shield
– Added 23.08.2010 (Mon) 14:14 –
GMER logs:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-23 14:13:35
Windows 5.1.2600 Dodatek Service Pack 2
Running: k37st1wm.exe; Driver: D:\DOCUME~1\Kasia\USTAWI~1\Temp\ugwdrfoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB95F96B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB95F9574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB95F9A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB95F914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB95F964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB95F908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB95F90F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB95F976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB95F972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB95F98AE]
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\Mozilla Firefox\plugin-container.exe[1532] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 1044721D D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[2596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT D:\WINDOWS\system32\services.exe[904] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT D:\WINDOWS\system32\services.exe[904] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
– Added 23.08.2010 (Mon) 14:25 –
OTL logs:
http://wklej.to/9mJj
http://wklej.to/Dcgy
Now I'm waiting for your help ;)