kazkus

Users
  • Posts: 27

Content posted by kazkus

  1. kazkus

    Sluggish system

    Many thanks. I think I did everything, but I don't think it went too well. The cleanup after GMER apparently didn't go the way it should have. (I don't know how to send a picture, so I'll describe it.) Primary IDE Channel: device mode: not active; transfer mode: DMA if available; current transfer mode: PIO mode. Secondary IDE Channel: current transfer mode: Ultra DMA Mode 2. I don't know whether that is how it should be. Regards. DelFix.txt
  2. kazkus

    Sluggish system

    Hello. I have an old, weak machine that has been through several formats; I even had 7 on it and it ran. Something happened and I went back to XP. At first it ran great; I overclocked it a bit (a long time ago my DAD taught me a little on cybertrash), if I'm not mistaken. Now it boots terribly slowly, it often freezes as if on a still frame, and it is starting to have problems with applications. Recently uTorrent got closed on me; a message appears about the application closing. (It cannot be opened; always that message about closing because of a problem.) I even found Firefox Aurora; I heard it runs better and faster. Maybe, but it doesn't open any faster than the normal one. I'm really asking for help, because it looks like another F:C is coming. I use CCleaner Professional v4.05.4250 from time to time. I don't use Malwarebytes Anti-Malware because it slows my system down even more. I'm attaching the reports:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-04 14:28:35
    Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340823A rev.3.39 37,27GB
    Running: x127lq12.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\fwkdikoc.sys

    ---- System - GMER 2.1 ----

    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwAddBootEntry [0xEDD93B10]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0xEDD945EE]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwClose [0xEDDD843E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateEvent [0xEDDA05E0]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateEventPair [0xEDDA062C]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0xEDDA07C6]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateKey [0xEDDD7DF2]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateMutant [0xEDDA054E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateSection [0xEDDA0670]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0xEDDA0596]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateThread [0xEDD94B24]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwCreateTimer [0xEDDA0780]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0xEDD953DC]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0xEDD93B76]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwDeleteKey [0xEDDD8B04]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwDeleteValueKey [0xEDDD8DBA]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwDuplicateObject [0xEDD98B58]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwEnumerateKey [0xEDDD896F]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwEnumerateValueKey [0xEDDD87DA]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwLoadDriver [0xEDD9375E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0xEDD93BDC]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0xEDD98F4E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0xEDD95E6C]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenEvent [0xEDDA060A]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenEventPair [0xEDDA064E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0xEDDA07EA]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenKey [0xEDDD814E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenMutant [0xEDDA0574]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenProcess [0xEDD98452]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenSection [0xEDDA06FE]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0xEDDA05BE]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenThread [0xEDD9883A]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenTimer [0xEDDA07A4]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xEDE490CC]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwQueryKey [0xEDDD8655]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwQueryObject [0xEDD95D38]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwQueryValueKey [0xEDDD84A7]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwQueueApcThread [0xEDD9588E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSP.sys  ZwRenameKey [0xEDE56F22]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwRestoreKey [0xEDDD7438]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0xEDD93C42]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetBootOptions [0xEDD93CA8]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetContextThread [0xEDD95256]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0xEDD937F8]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0xEDD939CE]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSetValueKey [0xEDDD8C0B]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwShutdownSystem [0xEDD9395C]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSuspendProcess [0xEDD955A6]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSuspendThread [0xEDD95708]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0xEDD93A56]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwTerminateProcess [0xEDD95094]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwTerminateThread [0xEDD95236]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwVdmControl [0xEDD93D0E]
    SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xEDD9464A]

    ---- Kernel code sections - GMER 2.1 ----

    .text  ntoskrnl.exe!_abnormal_termination + 220  804E27F4 4 Bytes  [EA, 07, DA, ED]
    .text  ntoskrnl.exe!_abnormal_termination + 398  804E296C 12 Bytes  [42, 3C, D9, ED, A8, 3C, D9, ...] {INC EDX; CMP AL, 0xd9; IN EAX, DX; TEST AL, 0x3c; FLDLN2 ; PUSH ESI; PUSH EDX; FLDLN2 }
    .text  ntoskrnl.exe!_abnormal_termination + 440  804E2A14 12 Bytes  [A6, 55, D9, ED, 08, 57, D9, ...] {CMPSB ; PUSH EBP; FLDLN2 ; OR [EDI-0x27], DL; IN EAX, DX; PUSH ESI; CMP BL, CL; IN EAX, DX}
    PAGE  ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC  8056BC20 4 Bytes  CALL EDD96519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys

    ---- User code sections - GMER 2.1 ----

    .text  C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[312] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[312] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Program Files\Java\jre7\bin\jqs.exe[460] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Program Files\Java\jre7\bin\jqs.exe[460] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\System32\smss.exe[668] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\csrss.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\csrss.exe[740] KERNEL32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\Ati2evxx.exe[1016] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\Ati2evxx.exe[1016] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\Ati2evxx.exe[1664] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\Ati2evxx.exe[1664] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\Explorer.EXE[1720] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\Explorer.EXE[1720] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\spoolsv.exe[1944] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\spoolsv.exe[1944] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\totalcmd\TC UP.exe[2396] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\totalcmd\TC UP.exe[2396] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtCreateFile  7C90D090 5 Bytes  JMP 019C0050 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtFlushBuffersFile  7C90D310 5 Bytes  JMP 019BC14F C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtQueryFullAttributesFile  7C90D790 5 Bytes  JMP 019BFCF0 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtReadFile  7C90D9B0 5 Bytes  JMP 019BBFB0 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtReadFileScatter  7C90D9C0 5 Bytes  JMP 02210159 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtWriteFile  7C90DF60 5 Bytes  JMP 019C0930 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtWriteFileGather  7C90DF70 5 Bytes  JMP 02210108 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 00461EB1 C:\Program Files\Aurora\mozglue.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!LdrUnloadDll  7C91736B 5 Bytes  JMP 004503FC
    .text  C:\Program Files\Aurora\firefox.exe[2636] KERNEL32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 021DD434 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] KERNEL32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 021DD411 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] KERNEL32.dll!ValidateLocale + B138  7C844930 7 Bytes  JMP 019BC868 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] KERNEL32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Program Files\Aurora\firefox.exe[2636] user32.dll!GetWindowInfo  7E37C49C 5 Bytes  JMP 020EADC8 C:\Program Files\Aurora\xul.dll
    .text  C:\Program Files\Aurora\firefox.exe[2636] GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 021DD392 C:\Program Files\Aurora\xul.dll
    .text  C:\totalcmd\TOTALCMD.EXE[3232] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\totalcmd\TOTALCMD.EXE[3232] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Documents and Settings\Administrator\Pulpit\Diagnostyka\x127lq12.exe[3292] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Documents and Settings\Administrator\Pulpit\Diagnostyka\x127lq12.exe[3292] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\G-VGA.exe[3784] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\G-VGA.exe[3784] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3800] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3800] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
    .text  C:\WINDOWS\system32\ctfmon.exe[3808] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
    .text  C:\WINDOWS\system32\ctfmon.exe[3808] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]

    ---- User IAT/EAT - GMER 2.1 ----

    IAT  C:\WINDOWS\system32\services.exe[816] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
    IAT  C:\WINDOWS\system32\services.exe[816] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]  003D0000

    ---- Devices - GMER 2.1 ----

    AttachedDevice  \Driver\Tcpip \Device\Ip  aswTdi.sys
    AttachedDevice  \Driver\Tcpip \Device\Tcp  aswTdi.sys
    AttachedDevice  \Driver\Tcpip \Device\Udp  aswTdi.sys
    AttachedDevice  \Driver\Tcpip \Device\RawIp  aswTdi.sys
    AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys

    ---- Registry - GMER 2.1 ----

    Reg  HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\177\Shell@WinPos1440x900(1).left  44
    Reg  HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\177\Shell@WinPos1440x900(1).top  58
    Reg  HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\177\Shell@WinPos1440x900(1).right  844
    Reg  HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\177\Shell@WinPos1440x900(1).bottom  658

    ---- EOF - GMER 2.1 ----

    Regards. FRST.txt Addition.txt OTL.Txt OTL.Txt Extras.Txt checkup.txt
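To read a GMER log like the one in the post above systematically rather than line by line, here is an added Python example (it is not part of the original post and is not GMER's own code). It parses the SSDT lines of the "System" section and the ".text" lines of the "User code sections" section, groups each hook by the module GMER attributes it to, and sets aside every hook with no attributed owner, or with an owner outside an allow-list, for the analyst. The allow-list (TRUSTED_OWNERS), the sample lines (a constructed subset copied in the shape of the log above) and all function names are assumptions for the illustration; being on the allow-list only means "explained by software the log shows installed", not "verified clean".

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the shape of the GMER 2.1 log above (a subset of its lines).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwOpenProcess [0xEDD98452]
SSDT  \??\C:\WINDOWS\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0xEDE490CC]
SSDT  \??\C:\WINDOWS\system32\drivers\aswSnx.sys  ZwWriteVirtualMemory [0xEDD9464A]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
.text  C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetBinaryTypeW + 80  7C86936C 1 Byte  [62]
.text  C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlDosSearchPath_U + 1D1  7C9171AA 1 Byte  [62]
.text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!NtCreateFile  7C90D090 5 Bytes  JMP 019C0050 C:\Program Files\Aurora\xul.dll
.text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!LdrLoadDll  7C9163A3 5 Bytes  JMP 00461EB1 C:\Program Files\Aurora\mozglue.dll
.text  C:\Program Files\Aurora\firefox.exe[2636] ntdll.dll!LdrUnloadDll  7C91736B 5 Bytes  JMP 004503FC

---- EOF - GMER 2.1 ----
"""

# Assumed allow-list: lower-cased basenames of modules the log itself attributes
# hooks to (avast drivers, Firefox's xul.dll/mozglue.dll). Edit per machine.
TRUSTED_OWNERS = {"aswsnx.sys", "aswsp.sys", "aswtdi.sys", "xul.dll", "mozglue.dll"}

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+\s+Bytes?\s+(?P<rest>.*)$"
)
JUMP_RE = re.compile(r"^(?P<insn>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<owner>.+))?$")
PATCH_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f, .]+)\]$")


def parse_gmer(text):
    """One dict per SSDT hook (System section) or inline hook (User code sections)."""
    section, findings = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
        elif section == "System" and (m := SSDT_RE.match(line)):
            findings.append({"kind": "ssdt", "scope": "kernel", "module": None, "func": m.group("func"),
                             "addr": m.group("addr"), "owner": m.group("owner"), "patch": None,
                             "insn": None, "target": None})
        elif section == "User code sections" and (m := INLINE_RE.match(line)):
            # The tail is either "JMP/CALL <addr> [<module path>]" or a raw byte list "[..]".
            j, p = JUMP_RE.match(m.group("rest")), PATCH_RE.match(m.group("rest"))
            findings.append({"kind": "inline",
                             "scope": f"{ntpath.basename(m.group('proc'))}[{m.group('pid')}]",
                             "module": m.group("module"), "func": m.group("func"), "addr": m.group("addr"),
                             "owner": j.group("owner") if j else None,
                             "patch": tuple(b.strip() for b in p.group("bytes").split(",")) if p else None,
                             "insn": j.group("insn") if j else None,
                             "target": j.group("target") if j else None})
    return findings


def summarize(findings, trusted_owners):
    """Group hooks by owning module (lower-cased basename); anything with no owner,
    or an owner outside trusted_owners, goes to a review list with a reason."""
    by_owner, review = defaultdict(list), []
    for f in findings:
        label = f["func"] if f["kind"] == "ssdt" else f"{f['module']}!{f['func']}"
        name = ntpath.basename(f["owner"]).lower() if f["owner"] else None
        if name in trusted_owners:
            by_owner[name].append(label)
        elif name:
            review.append((f["scope"], label, f"owner {name} not in trusted list"))
        elif f["insn"]:
            review.append((f["scope"], label, f"{f['insn']} {f['target']} not attributed to a module"))
        elif f["patch"]:
            review.append((f["scope"], label, f"{len(f['patch'])}-byte patch {list(f['patch'])}, no owner"))
        else:
            review.append((f["scope"], label, "unrecognised hook form"))
    return {k: sorted(v) for k, v in by_owner.items()}, review


def cross_process_patches(findings):
    """Ownerless byte patches keyed by (module, func, addr, bytes) -> sorted processes.
    Identical bytes at the same address across many processes is worth comparing with
    the on-disk copy of that module before treating it as per-process injection."""
    shared = defaultdict(set)
    for f in findings:
        if f["kind"] == "inline" and f["patch"] and not f["owner"]:
            shared[(f["module"], f["func"], f["addr"], f["patch"])].add(f["scope"])
    return {k: sorted(v) for k, v in shared.items()}


if __name__ == "__main__":
    found = parse_gmer(SAMPLE_LOG)
    owners, review = summarize(found, TRUSTED_OWNERS)
    for name, funcs in owners.items():
        print(f"{name}: {', '.join(funcs)}")
    for scope, label, reason in review:
        print(f"REVIEW {scope} {label}: {reason}")
    for (mod, func, addr, patch), procs in cross_process_patches(found).items():
        print(f"SHARED {mod}!{func} @ {addr} {list(patch)} in {len(procs)} process(es): {procs}")
```

Run it against the full log by replacing SAMPLE_LOG with the file contents; the review list is where the analyst's attention goes, and the cross-process grouping collapses the repeated one-byte entries into a single item per (module, function, address) instead of two lines per process.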