x-kom hosting

Rootkit help

xentaxa
utworzono
utworzono

Chyba Rootkit potrzebna pomoc.

Witam wszystkich ,mam problem z systemem a objawia się nadmierny zużyciem zasobów: procesora, pamięci i dziwnie zachowujący się dysk (ciągle aktywny) ogólnie system strasznie zwalnia programy uruchamiają się bardzo wolno explorer się wiesza itp. oto log z gmera jak ktoś wie co z tym zrobić to bardzo proszę o pomoc. GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-11 16:16:52
Windows 6.1.7600
Running: vicuwbyk.exe; Driver: C:\Users\Sise\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT 858E6B70 ZwAlertResumeThread
SSDT 858E6C50 ZwAlertThread
SSDT 858E4570 ZwAllocateVirtualMemory
SSDT 8579EBB8 ZwAlpcConnectPort
SSDT 858E6318 ZwAssignProcessToJobObject
SSDT 858E68C0 ZwCreateMutant
SSDT 858F1008 ZwCreateSymbolicLinkObject
SSDT 858E06E0 ZwCreateThread
SSDT 858E6128 ZwCreateThreadEx
SSDT 858E63F8 ZwDebugActiveProcess
SSDT 858E4740 ZwDuplicateObject
SSDT 858DF370 ZwFreeVirtualMemory
SSDT 858E69B0 ZwImpersonateAnonymousToken
SSDT 858E6A90 ZwImpersonateThread
SSDT 8583CC18 ZwLoadDriver
SSDT 858DF270 ZwMapViewOfSection
SSDT 858E67E0 ZwOpenEvent
SSDT 858E0588 ZwOpenProcess
SSDT 858E4660 ZwOpenProcessToken
SSDT 858E6620 ZwOpenSection
SSDT 858E0498 ZwOpenThread
SSDT 858E6228 ZwProtectVirtualMemory
SSDT 858E6D30 ZwResumeThread
SSDT 858E6FD0 ZwSetContextThread
SSDT 858DF0A0 ZwSetInformationProcess
SSDT 858E64D8 ZwSetSystemInformation
SSDT 858E6700 ZwSuspendProcess
SSDT 858E6E10 ZwSuspendThread
SSDT 858DB4A8 ZwTerminateProcess
SSDT 858E6EF0 ZwTerminateThread
SSDT 858DF190 ZwUnmapViewOfSection
SSDT 858E4480 ZwWriteVirtualMemory

INT 0x30 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82823CA4
INT 0x38 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82814C6C

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8286F8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8288F3B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139B 82896628 8 Bytes [70, 6B, 8E, 85, 50, 6C, 8E, ...] {JO 0x6d; MOV ES, [EBP-0x7a7193b0]}
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82896640 4 Bytes [70, 45, 8E, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 8289664C 4 Bytes [B8, EB, 79, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 1413 828966A0 4 Bytes [18, 63, 8E, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 8289671C 4 Bytes [C0, 68, 8E, 85] {SHR BYTE [EAX-0x72], 0x85}
.text ...
? System32\Drivers\spkc.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 91B86CA0 5 Bytes JMP 864651D8
.text aorewt0c.SYS 929C4000 22 Bytes [70, 46, 81, 82, 94, 49, 81, ...]
.text aorewt0c.SYS 929C4017 85 Bytes [00, DE, D7, 30, 89, E6, D5, ...]
.text aorewt0c.SYS 929C406D 29 Bytes [C0, 86, 82, 50, E1, 88, 82, ...]
.text aorewt0c.SYS 929C408B 19 Bytes [82, 9C, E3, 88, 82, CC, 33, ...]
.text aorewt0c.SYS 929C409F 34 Bytes [82, C0, AC, 86, 82, E8, D0, ...]
.text ...
.text peauth.sys 946A3C9D 28 Bytes [C4, 3E, 22, 5A, BF, 6B, 38, ...]
.text peauth.sys 946A3CC1 28 Bytes [C4, 3E, 22, 5A, BF, 6B, 38, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [89233C4C] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [89233CA0] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89203042] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [892036D6] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [89203800] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8920313E] \SystemRoot\System32\Drivers\spkc.sys
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortNotification] 000003E3
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortStallExecution] FFEC9FE8
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortGetScatterGatherList] 81107D8B
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 81000001
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECD8E800
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01
IAT \SystemRoot\System32\Drivers\aorewt0c.SYS[NTOSKRNL.exe!KeTickCount] 74000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757C5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757C5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757C5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757C5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 848761F8
Device \FileSystem\udfs \UdfsCdRom 870F81F8
Device \FileSystem\udfs \UdfsDisk 870F81F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{21623726-D6AF-42FD-ADA6-CB2E62FF1245} 858681F8
Device \Driver\volmgr \Device\VolMgrControl 848721F8
Device \Driver\usbuhci \Device\USBPDO-0 864661F8
Device \Driver\usbuhci \Device\USBPDO-1 864661F8
Device \Driver\usbuhci \Device\USBPDO-2 864661F8
Device \Driver\usbuhci \Device\USBPDO-3 864661F8
Device \Driver\usbehci \Device\USBPDO-4 86469500

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\volmgr \Device\HarddiskVolume1 848721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 848721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 857961F8
Device \Driver\volmgr \Device\HarddiskVolume3 848721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 857961F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848741F8
Device \Driver\atapi \Device\Ide\IdePort0 848741F8
Device \Driver\atapi \Device\Ide\IdePort1 848741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 848741F8
Device \Driver\volmgr \Device\HarddiskVolume4 848721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D5BB0262-F96D-46F7-AC56-976C9819C42F} 858681F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 858681F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\0000005d halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 864661F8
Device \Driver\sptd \Device\3553689984 spkc.sys
Device \Driver\PCI_PNP7104 \Device\0000006c spkc.sys
Device \Driver\usbuhci \Device\USBFDO-1 864661F8
Device \Driver\usbuhci \Device\USBFDO-2 864661F8
Device \Driver\usbuhci \Device\USBFDO-3 864661F8
Device \Driver\usbehci \Device\USBFDO-4 86469500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3865C289-586A-4ADC-99F8-5079E377AC4F} 858681F8
Device \Driver\aorewt0c \Device\Scsi\aorewt0c1Port2Path0Target0Lun0 867181F8
Device \Driver\aorewt0c \Device\Scsi\aorewt0c1 867181F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00037a2944d2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0x78 0xFF 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9B 0xE1 0x08 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x9E 0xD7 0x52 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00037a2944d2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAD 0x78 0xFF 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9B 0xE1 0x08 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x9E 0xD7 0x52 0xD7 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION E1AAC2433C2CB97B9CCFED47CD2808BA14BB5431F4690BA5C231A1A0E48CC594D4E6FADAB88687A19845BC0CA48DA8C872F5CADB3B52E56D6FC66ED03F06482058DBC48983B318C1DEABBB3860EBE66A5AD2A382B33622A88DB34A9D76E13D0E85E3AEC45D98E58B0374B87F09C8CC9A72790CB44F60F9C17BF066900550B1D6946E8B36E76870A235A2C7C68C80EBCD88A17A3663702E16408D366B49D437E3E58071BCAAADB8A0CECE3F2AB941D6E58E1A26FD295A847885ACF423054AE515FC2FB96893464710CBA53B78460EA5BD17428A373F66C52D99831EDFDFDBD33E7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74C8EDD5E5BE2F6E667D7E74DDE8C17CA5623FCD3036AE28C2D1D0F0A2F39C68F3B5ABE13706B2BE1711F5B9129FCA71A810906C9A7BEA6603479D994C3EC9F49D65932A99319DA09B3A9F2AD3161C8689B61E79A867CE61685A13972B40BB94132B0614585C751886BD0BF846E7ADCB0CCDCB8A71F4757B89FB962202ABB38B0C297C121B4C440E629801BADB7DBC6E7DD3BCF8552182BC8267A4FD0307F42C0275B0FAAF5B3DF1C213C21F5CCECF1F23D55CB7CE73B9DB6DF2DBE68B4A57F939D5D4986030D6C962F17B15BCC6AC7AAFA130E8888536CE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 429793A1D816CFBE08EDA952A56E8D412D5848AFE395BCE0F957C9925B3E2E7486D8D2C29C115EA580D182DF3410CA66CC69F6682F0C9D77ED2E9BBFF0A22182496AC7D2D8528FBAAB7332C3B01FA397A89D2F29F943861AC833C1DAFA70082304FBFED32725A45A0EDB389ED40EDC24FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452FEBC9E127BECC74CA9C6AECB7A5D140794473A8337CA30E21EC778D075F479BB5340AA326A2F4DCF96698BE1BB8E55F10421EA23041BEC273A0A62AF85B382977AB2D038B37EB6181252B2F17E6CDCBD19903CB5FECDBD08FDE4C9AD686F359462FA25154ED395E6C6B1920535F0E23D86A1AF537D03DB7A293DA884107351187777B5C3E9C3CD326CFC6AF6ED971018F1015B5A87C353F6ED1988B1216E668D97A6218369C694F6314C92E766C35E7C7601EAEB59F805FB73A40A7875745B649A2C1C57E2B8F535365D71BC123A201921179BEB64EF250B54ACDE5D9A7C698D45516E0620DB506F1090069D992476A4735DC004CCDDBD2A21A44E2CD2631E005580F51BA0D155AD48EA61F5D78DDAD564913EA16A57AAE25BA335F21366DC37F94AA1E597248E7B5A9627765CEA98EADD9591F64AD61D427AE5828204A9D9325862F679E8C0D3E8395E9392E90FCF2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 3DCEA78F66503ED31AFEFA4E58674EC941E918CB08E70A13C1E67B1BAE4E08D6D909F694C32B25BC675C87E6D0AEFD789E2DF5B314B1B67B1E65403C77E114234476E226D36C640461D263C086C2B53C30FA33EC536E61602512E1059C7562680711975E6446FE42E1F8ED57A4413EDDBC220873EDC538572A170B90E358253123F9D61C7953C993B5069D690BABB4287D95BE0AC1BF3BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452BA7FD869164D6794C038D530D6EB34524472724A0A395DA03F8B45BB30B849458C84021B10615417516A96F58EBE902D42A4A832DF0D556D7F72A96E609B0C12F43A6C3000829383542051E4CBA8B2039AF6FE35EF131D9D26FC30A1DF1281FBDF638AF3FD2BB174EEB20D84DDE7CC767E6F064112620CC4969BA1978AAE0EFA8201809F020D3A64C6CEE69EFE6DB42CA506F35661C7624BB8B4EAA67BBC76DB1684147D4B0D9C2807941E15B15AA119CC28200BBD413EECFAA320B916B7E63FD85530EBDCC4AC63DD17175C35863088B3378809CC82A7384CB476CEFDCEEC1B0C4EE4DE7C02218FFE5FD7FB927AE0991D07CD0CF5740791A22A47F71CE7FA36753FE4DDB2C6167CA0E70F0F95F6993E50E034E465312A3175BA10DA9E9BE5AE5F6A8583CE470BCA7
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
a to log z HijackThis . Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:10, on 2009-10-11
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Sise\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Dołącz obiekt docelowy łącza do istniejącego pliku PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konwertuj obiekt docelowy łącza na plik Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: EBDBN - Unknown owner - C:\Users\Sise\AppData\Local\Temp\EBDBN.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: GWCXHNOT - Unknown owner - C:\Users\Sise\AppData\Local\Temp\GWCXHNOT.exe (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JJLQTGCF - Unknown owner - C:\Users\Sise\AppData\Local\Temp\JJLQTGCF.exe (file missing)
O23 - Service: LEVJFYAQTBT - Unknown owner - C:\Users\Sise\AppData\Local\Temp\LEVJFYAQTBT.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UQX - Unknown owner - C:\Users\Sise\AppData\Local\Temp\UQX.exe (file missing)

--
End of file - 9338 bytes
:(:(:(

Gość
komentarz
komentarz

Daj log z ComboFixa: http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303

.

xentaxa
komentarz
komentarz

[quote name='KamilJB' date='12 październik 2009 - 07:01 ' timestamp='1255327300' post='878843']
Daj log z ComboFixa: http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303

.
[/quote]
niestety ComboFix na windows 7 nie działa ,próbowałam już kilka razy

Gość
komentarz
komentarz

Daj log z OTL: http://www.forumpc.pl/index.php?showtopic=104338&st=0&p=728645&fromsearch=1&#entry728645


.

xentaxa
komentarz
komentarz

[quote name='KamilJB' date='12 październik 2009 - 14:14 ' timestamp='1255353250' post='878978']
Daj log z OTL: http://www.forumpc.pl/index.php?showtopic=104338&st=0&p=728645&fromsearch=1&#entry728645


.
[/quote]
Prosze oto log z OTL

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.