Hello! For about 2-3 weeks I have been having problems accessing the firewall, and the computer has slowed down significantly.
Avira detected the viruses TR/ATRAPS.Gen and TR/ATRAPS.Gen2 and moved them to quarantine (which only succeeded after updating Avira), but that did not fix anything.
I am pasting the GMER log because on the administrator account it says: "You do not have permission to upload this type of file"
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-22 15:18:57
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BB-00GUC0 rev.08.02D08
Running: ksh4bgj4.exe; Driver: C:\DOCUME~1\Migdal\USTAWI~1\Temp\pweoafod.sys
---- System - GMER 1.0.15 ----
SSDT F7C804A4 ZwClose
SSDT F7C8045E ZwCreateKey
SSDT F7C804AE ZwCreateSection
SSDT F7C80454 ZwCreateThread
SSDT F7C80463 ZwDeleteKey
SSDT F7C8046D ZwDeleteValueKey
SSDT F7C8049F ZwDuplicateObject
SSDT F7C80472 ZwLoadKey
SSDT F7C80440 ZwOpenProcess
SSDT F7C80445 ZwOpenThread
SSDT F7C804C7 ZwQueryValueKey
SSDT F7C8047C ZwReplaceKey
SSDT F7C804B8 ZwRequestWaitReplyPort
SSDT F7C80477 ZwRestoreKey
SSDT F7C804B3 ZwSetContextThread
SSDT F7C804BD ZwSetSecurityObject
SSDT F7C80468 ZwSetValueKey
SSDT F7C804C2 ZwSystemDebugControl
SSDT F7C8044F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF74CE000, 0xC0A, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6C3A000, 0x2131D7, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA327D300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF79C0300, 0x1BEE, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 867D9B40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 867D9B40
Device \Driver\atapi \Device\Ide\IdePort1 867D9B40
Device \Driver\atapi \Device\Ide\IdePort2 867D9B40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 867D9B40
Device \Driver\atapi \Device\Ide\IdePort3 867D9B40
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
---- EOF - GMER 1.0.15 ----
Extras.Txt
OTL.Txt
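Added triage example (not part of the post above, and not GMER's own code): a Python script that parses the GMER log as pasted, groups the SSDT hooks by the 4 KiB kernel page their targets fall into, and classifies the kernel code-section findings by their PE section characteristics. The point it makes is that all 19 hooks point into the same page (F7C80xxx), so they come from one driver image; on Windows XP security products routinely hook the SSDT for self-protection, so the hook list alone does not establish a rootkit until that page is attributed to a loaded module. The embedded log is an excerpt of the post's own GMER output; the IMAGE_SCN_* constants are the standard winnt.h values, everything else (function names, the page-grouping heuristic) is this example's own choice.

```python
"""Triage helper for GMER 1.0.15 text logs (added example, not GMER code):
extract SSDT hooks and kernel code-section findings from the pasted log."""
import re
from collections import defaultdict

# PE section characteristic flags (IMAGE_SCN_* from winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Excerpt of the GMER log from the post, used here as constructed test input.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT F7C804A4 ZwClose
SSDT F7C8045E ZwCreateKey
SSDT F7C804AE ZwCreateSection
SSDT F7C80454 ZwCreateThread
SSDT F7C80463 ZwDeleteKey
SSDT F7C8046D ZwDeleteValueKey
SSDT F7C8049F ZwDuplicateObject
SSDT F7C80472 ZwLoadKey
SSDT F7C80440 ZwOpenProcess
SSDT F7C80445 ZwOpenThread
SSDT F7C804C7 ZwQueryValueKey
SSDT F7C8047C ZwReplaceKey
SSDT F7C804B8 ZwRequestWaitReplyPort
SSDT F7C80477 ZwRestoreKey
SSDT F7C804B3 ZwSetContextThread
SSDT F7C804BD ZwSetSecurityObject
SSDT F7C80468 ZwSetValueKey
SSDT F7C804C2 ZwSystemDebugControl
SSDT F7C8044F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF74CE000, 0xC0A, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6C3A000, 0x2131D7, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA327D300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF79C0300, 0x1BEE, 0xE8000020]
---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)")
SECTION_RE = re.compile(
    r"^(\.\S+)\s+(\S+\.sys)\s+(.*?)\s*\[0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+)\]"
)


def parse_ssdt_hooks(log):
    """Return [(syscall_name, hook_target_address)] for every SSDT line."""
    hooks = []
    for line in log.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append((m.group(2), int(m.group(1), 16)))
    return hooks


def group_hooks_by_page(hooks, page_bits=12):
    """Group hook targets by 4 KiB page (heuristic: one page == one driver image).
    Attributing that page to a loaded module is what separates AV self-protection
    from a rootkit; GMER itself does not name the owner here."""
    pages = defaultdict(list)
    for name, addr in hooks:
        pages[addr >> page_bits].append(name)
    return {hex(page << page_bits): sorted(names) for page, names in pages.items()}


def parse_sections(log):
    """Return one dict per 'Kernel code sections' line with decoded fields."""
    sections = []
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name, driver, note, base, size, chars = m.groups()
            sections.append({"section": name, "driver": driver, "note": note.strip(),
                             "base": int(base, 16), "size": int(size, 16),
                             "characteristics": int(chars, 16)})
    return sections


def section_findings(sections):
    """Classify each section: writable+executable code (patchable in place)
    versus a section GMER did not recognise (non-standard trailing section)."""
    findings = []
    for s in sections:
        c = s["characteristics"]
        writable_code = bool(c & IMAGE_SCN_MEM_WRITE) and bool(c & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))
        if writable_code:
            findings.append((s["driver"], "writable+executable code section"))
        elif "unknown" in s["note"]:
            findings.append((s["driver"], "unrecognised section " + s["section"]))
    return findings


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_LOG)
    for page, names in group_hooks_by_page(hooks).items():
        print(f"{len(names)} SSDT hooks target page {page}: {', '.join(names)}")
    for driver, verdict in section_findings(parse_sections(SAMPLE_LOG)):
        print(f"{driver}: {verdict}")
```

Run it and the output shows a single page, 0xf7c80000, owning every hook; the next step in a real triage is to match that address against the loaded-module list (GMER's Modules view or a kernel debugger) and check the signature and hash of whichever driver owns it, and likewise for the three drivers whose .text section is writable and the one with the unrecognised .xreloc section.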