kazkus
Replies posted by kazkus
Warm greetings,
I have an old machine, weak, after a number of formats; I even had 7 on it and it ran. Something was going on and I went back to XP. At first it ran great; I tuned it up a bit (a long time ago TATA on cybertrash taught me a little), if I'm not mistaken. Now it starts up terribly slowly, it often freezes like a still frame, and it is starting to have problems with applications. Recently it closed uTorrent on me - a message about the application being closed appears (it cannot be opened - always that message about closing because of a problem).
I even found Firefox Aurora; I heard it runs better and faster. Maybe, but it doesn't open any faster than the normal one.
I kindly ask for help, because it looks like another F:C is coming.
I use CCleaner Professional v 4.05.4250 from time to time. I don't use Malwarebytes Anti-Malware because it slows my system down even more.
I'm attaching the reports:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-04 14:28:35
Regards
Sluggish system
in Windows XP
Posted
Many thanks.
I think I did everything, but it probably didn't turn out too well.
The cleanup after GMER probably didn't go as it should (I don't know how to send an image, so I'll describe it).
Primary IDE Channel -
device mode - inactive
transfer mode - DMA if available
current transfer mode - PIO Mode
Secondary IDE Channel
current transfer mode - Ultra DMA Mode 2
I don't know if that's how it should be.
Regards
DelFix.txt