Michal Kawecki writes:
> The only thing that can help here is some more advanced tool for
> detecting and removing rootkits.
report from Gmer
---------------------------
---- System - GMER 1.0.14 ----
SSDT spwj.sys ZwEnumerateKey [0xF73ECCA2]
SSDT spwj.sys ZwEnumerateValueKey [0xF73ED030]
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 873D51F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \Fat 87027500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.14 ----
--------------------------------------------------------
only this spwj.sys is suspicious
help me
Bubu
Received on Fri Nov 7 01:10:03 2008
This archive was generated by hypermail 2.1.8 : Fri 07 Nov 2008 - 01:42:00 MET