biala

Members
  • Posts
    9
  • Joined
  • Last visited

About biala

  • Birthday 23.08.1993

Information

  • Gender:
    Female
  1. I'm adding the GMER report. I have a question about the TCP/IP protocol driver: where can I download such a file?

     GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-12-10 21:40:47
     Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000006c ST3120813AS rev.3.AAD
     Running: dvvmw88g.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pwliqpoc.sys

     ---- System - GMER 1.0.15 ----

     SSDT a347bus.sys ZwClose [0xBA78D028]
     SSDT a347bus.sys ZwCreateKey [0xBA78CFE0]
     SSDT a347bus.sys ZwCreatePagingFile [0xBA780B00]
     SSDT a347bus.sys ZwEnumerateKey [0xBA7815DC]
     SSDT a347bus.sys ZwEnumerateValueKey [0xBA78D120]
     SSDT a347bus.sys ZwOpenFile [0xBA780B40]
     SSDT a347bus.sys ZwOpenKey [0xBA78CFA4]
     SSDT a347bus.sys ZwQueryKey [0xBA7815FC]
     SSDT a347bus.sys ZwQueryValueKey [0xBA78D076]
     SSDT a347bus.sys ZwSetSystemPowerState [0xBA78C550]

     ---- Kernel code sections - GMER 1.0.15 ----

     ? a347bus.sys The system cannot find the file specified. !
     ? a347scsi.sys The system cannot find the file specified. !

     ---- User IAT/EAT - GMER 1.0.15 ----

     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0144C650
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0144C600
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01448850
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01449AB0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0144B3C0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01449D20
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01449B30
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0144A9C0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0144C300
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0144C340
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0144C6E0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0144C1C0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0144B320
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0144A2E0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01449C90
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0144A010
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0144CC60
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0144AD10
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0144B180
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0144B840
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0144B5D0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0144B7C0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0144BCA0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0144B9B0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01449C00
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0144A190
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0144C420
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0144B710
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0144B2C0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0144B140
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0144B4D0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0144C700
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0144B510
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0144C9A0
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0144C940
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0144CB90
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0144CC30
     IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0144CA60

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 8A304378
     Device \FileSystem\Fastfat \FatCdrom 8918DD40
     Device \Driver\Cdrom \Device\CdRom0 89FCDD68
     Device \FileSystem\Rdbss \Device\FsWrap 898856F0
     Device \Driver\Cdrom \Device\CdRom1 89FCDD68
     Device \FileSystem\Srv \Device\LanmanServer 89198E58
     Device \Driver\nvatabus \Device\0000006a 89F59290
     Device \Driver\nvatabus \Device\0000006c 89F59290
     Device \Driver\nvatabus \Device\NvAta0 89F59290
     Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8988F6F0
     Device \Driver\nvatabus \Device\NvAta1 89F59290
     Device \FileSystem\MRxSmb \Device\LanmanRedirector 8988F6F0
     Device \FileSystem\Npfs \Device\NamedPipe 8A07AEA0
     Device \FileSystem\Msfs \Device\Mailslot 898A1700
     Device \Driver\a347scsi \Device\Scsi\a347scsi1 8A0D3008
     Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 8A0D3008
     Device \FileSystem\Fastfat \Fat 8918DD40
     AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
     Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 898A26F0
     Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 898A26F0
     Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 898A26F0
     Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 898A26F0
     Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 898A26F0
     Device \FileSystem\Cdfs \Cdfs 8A0B1330

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40 0x5E 0xEB 0x3B 0xF0 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej41 0xD6 0xE7 0x3B 0xF0 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej42 0x0F 0xF1 0x3B 0xF0 ...
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

     ---- EOF - GMER 1.0.15 ----
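The report above is the kind of thing a helper has to triage by eye: which driver owns the SSDT hooks, whether GMER could read that driver's file from disk, and which process has its import table redirected and where to. The following is an added example, not code from the forum post, from GMER, or from OTL: a small parser for the three line shapes visible in this report (`SSDT <driver> <Zw-function> [0x<addr>]`, `? <module>.sys <error> !`, and `IAT <process>[<pid>] @ <module> [<dll>!<function>] <addr>`) followed by a triage summary. The regular expressions are written from the lines seen here and are assumed to hold for other GMER 1.0.15 reports; the 64 KiB "single owning module" heuristic for IAT targets is my own rule of thumb, not a GMER feature.

```python
"""Triage helper for GMER rootkit-scan text output.

Added example; not part of GMER and not code posted in the thread.
Parses the report format shown above and summarises what a helper
would look at first.
"""
import re
from collections import defaultdict

# Lines copied from the GMER report above (the rest of the report is omitted).
SAMPLE_REPORT = r"""
---- System - GMER 1.0.15 ----

SSDT a347bus.sys ZwClose [0xBA78D028]
SSDT a347bus.sys ZwCreateKey [0xBA78CFE0]
SSDT a347bus.sys ZwOpenFile [0xBA780B40]

---- Kernel code sections - GMER 1.0.15 ----

? a347bus.sys The system cannot find the file specified. !
? a347scsi.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01448850
IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01449AB0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0144CC60

---- EOF - GMER 1.0.15 ----
"""

# Line shapes taken from the report above (assumed to hold for other GMER 1.0.15 output).
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
MISSING_RE = re.compile(r"^\?\s+(\S+\.sys)\s+.*!$")
IAT_RE = re.compile(
    r"^IAT\s+(.+?)\[(\d+)\]\s+@\s+(.+?)\s+\[([^!\]]+)!([^\]]+)\]\s+([0-9A-Fa-f]+)$"
)


def parse_gmer(report: str) -> dict:
    """Extract SSDT hooks, unreadable kernel modules and user-mode IAT hooks."""
    ssdt = defaultdict(list)   # driver -> [(hooked service, handler address)]
    missing = []               # .sys files GMER could not open on disk
    iat = defaultdict(list)    # (process, pid) -> [(module, import dll, function, target)]
    for raw in report.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt[m.group(1)].append((m.group(2), int(m.group(3), 16)))
        elif m := MISSING_RE.match(line):
            missing.append(m.group(1))
        elif m := IAT_RE.match(line):
            path, pid, module, dll, func, target = m.groups()
            iat[(path, int(pid))].append((module, dll, func, int(target, 16)))
    return {"ssdt": dict(ssdt), "missing": missing, "iat": dict(iat)}


def triage(parsed: dict) -> list:
    """Findings in the order a helper would look at them."""
    findings = []
    for driver, hooks in parsed["ssdt"].items():
        names = ", ".join(name for name, _ in hooks)
        finding = f"{driver} hooks {len(hooks)} SSDT entries: {names}"
        if driver in parsed["missing"]:
            # The driver is loaded but its file is hidden or gone from disk.
            # Disc-emulation and copy-protection drivers behave this way too,
            # so the file and vendor must be identified before calling it malware.
            finding += " [module not readable on disk: identify vendor before removal]"
        findings.append(finding)
    for module in parsed["missing"]:
        if module not in parsed["ssdt"]:
            findings.append(f"{module}: kernel module present but file not readable on disk")
    for (path, pid), hooks in parsed["iat"].items():
        targets = [t for _, _, _, t in hooks]
        modules = sorted({m.rsplit("\\", 1)[-1] for m, _, _, _ in hooks})
        # Heuristic (my own): if every redirected import lands inside one 64 KiB
        # window, a single module in the process owns the hooks (the program
        # itself or one injected DLL) rather than many unrelated patches.
        span = max(targets) - min(targets)
        where = "one owning module" if span < 0x10000 else "scattered targets"
        findings.append(
            f"{path} (pid {pid}): {len(hooks)} imports of {', '.join(modules)} redirected, "
            f"targets 0x{min(targets):08X}-0x{max(targets):08X} ({where})"
        )
    return findings


if __name__ == "__main__":
    for line in triage(parse_gmer(SAMPLE_REPORT)):
        print(line)
```

Run it against a full report saved from GMER (`parse_gmer(open("gmer.log").read())`) to get the same three kinds of finding over the whole file. The point of the "not readable on disk" caveat is that a hidden or missing driver file is a reason to identify the vendor, not by itself a verdict.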
  2. The problems started a few days ago, when I couldn't connect to the internet and a balloon popped up saying that the system firewall is turned off. The firewall can't be turned on in any way, and on top of that the computer runs very slowly. OTL.Txt Extras.Txt
  3. Adding the log after running the script:

     All processes killed
     ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\"Start"|dword:00000004 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\\"Start"|dword:00000004 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\\"Start"|dword:00000004 /E : value set successfully!
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B278C6F-EC6B-3477-311E-6342928C69FF}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B278C6F-EC6B-3477-311E-6342928C69FF}\ not found.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     ========== OTL ==========
     videoacceleratorengine removed from NetSvcs value successfully!
     Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
     Prefs.js: "BearShare Web Search" removed from browser.search.order.1
     Prefs.js: "http://www.questbrowser.com/?tmp=nemo_results_removelink&prt=QstbrsrNN&keywords=" removed from keyword.URL
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 6513871 bytes
     ->Temporary Internet Files folder emptied: 869735 bytes
     ->Java cache emptied: 29644268 bytes
     ->FireFox cache emptied: 50452631 bytes
     ->Opera cache emptied: 37476187 bytes
     ->Flash cache emptied: 55153180 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: LocalService

     and a new log: OTL.Txt
  4. After pasting it and clicking the "Run Script" command, the computer freezes and OTL shuts down; I had to restart the system.
  5. I didn't get the log from step two (unless it got lost somewhere). After carrying out step 3 I made a new one without the additional condition (OTL2.Txt) and one with the additional condition (OTL3.Txt). Everything is back to normal, thank you very much :) OTL2.Txt OTL3.Txt
  6. The computer runs slowly, downloaded files don't get saved, hidden files won't show up, and all Google search results lead to "abnow". OTL.Txt Extras.Txt