
bengrush

Users
  • Posts: 2
  • Joined:
  • Last visit:

Content posted by bengrush

  1. Indeed, Avast no longer detects any threats (neither from Windows nor during the boot-time scan). Thank you very much once again. The fixlog.txt file:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
     Ran by bengrush at 2014-03-15 21:35:43 Run:1
     Running from C:\FRST
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     URLSearchHook: HKCU - (No Name) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No File
     SearchScopes: HKLM - DefaultScope value is missing.
     S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
     S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
     S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
     S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
     S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
     S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
     S3 WinPhlash; \??\C:\WINDOWS\TEMP\WINPHLASH\PHLASHNT.SYS [X]
     Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
     Reg: reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f
     Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
     Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
     Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
     *****************

     HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d43723ae-1ae1-4a25-a6a4-bf0929273cab} => Value deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     ew_hwusbdev => Service deleted successfully.
     ew_usbenumfilter => Service deleted successfully.
     huawei_cdcacm => Service deleted successfully.
     huawei_enumerator => Service deleted successfully.
     huawei_ext_ctrl => Service deleted successfully.
     huawei_wwanecm => Service deleted successfully.
     WinPhlash => Service deleted successfully.

     ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= reg add "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" /v DefaultScope /t REG_SZ /d {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
     The operation completed successfully.
     ========= End of Reg: =========

     ==== End of Fixlog ====
  2. Hello! I would like to ask for help removing this virus. During a boot-time scan with Avast, a message appears several times about finding BProtect-D in archive files in the directory \...\Internet Temporary Files\content.ie5\9GNK1U8P\pack[1].7z, and Avast can't do anything about it. Also, the GMER log won't upload; the message "You do not have permission to upload this type of file" appears. I'm attaching it here:

     GMER 2.1.19357 - http://www.gmer.net
     Rootkit scan 2014-03-13 21:25:35
     Windows 6.1.7601 Service Pack 1
     \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009 298,09GB
     Running: pjpxvb74.exe; Driver: C:\Users\bengrush\AppData\Local\Temp\kxlcqpod.sys

     ---- System - GMER 2.1 ----

     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90A4FACC]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90A505AA]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x90A5C692]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90A5C6DE]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90A5C878]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x90A5C600]
     SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x90B06426]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90A5C648]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x90A50AE0]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x90A50CFC]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x90A5C832]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90A51398]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90A4FB32]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90A54BE4]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x90A4F71E]
     SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90B06506]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90A4FB98]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90A54FDA]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90A51EDE]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x90A5C6BC]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90A5C700]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90A5C89C]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x90A5C626]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x90A544DE]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x90A5C7B0]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90A5C670]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x90A548C6]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x90A5C856]
     SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90B062AA]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x90A51CF4]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90A51A02]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90A4FBFE]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90A4FC64]
     SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x90B06602]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90A4F7B8]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90A4F98A]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90A4F918]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90A51562]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x90A516C4]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90A4FA12]
     SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90B06378]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x90A511F2]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x90A4FCCA]
     SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x90A50606]

     ---- Kernel code sections - GMER 2.1 ----

     .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C80A15 1 Byte [06]
     .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
     .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CC1460 4 Bytes [CC, FA, A4, 90] {INT 3 ; CLI ; MOVSB ; NOP }
     .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CC14E8 4 Bytes [AA, 05, A5, 90]
     .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CC153C 8 Bytes [92, C6, A5, 90, DE, C6, A5, ...]
     .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CC1548 4 Bytes [78, C8, A5, 90] {JS 0xffffffca; MOVSD ; NOP }
     .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CC1564 4 Bytes [00, C6, A5, 90] {ADD DH, AL; MOVSD ; NOP }
     .text ...
     PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E7C4DF 4 Bytes CALL 90A525C5 \??\C:\Windows\system32\drivers\aswSnx.sys
     PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E96347 4 Bytes CALL 90A525DB \??\C:\Windows\system32\drivers\aswSnx.sys
     .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9180B000, 0x2D5378, 0xE8000020]

     ---- User code sections - GMER 2.1 ----

     .text C:\Windows\system32\taskhost.exe[112] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Program Files\blueconnect Z\UIExec.exe[528] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text ...
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] ntdll.dll!LdrUnloadDll 7772C8DE 5 Bytes JMP 001E03FC
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] ntdll.dll!LdrLoadDll 777322AE 5 Bytes JMP 6E6E1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 7657941E 7 Bytes JMP 57C1049D C:\Program Files\Mozilla Firefox\xul.dll
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] KERNEL32.dll!QueryPerformanceCounter + 13 7657C425 7 Bytes JMP 57C10455 C:\Program Files\Mozilla Firefox\xul.dll
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] KERNEL32.dll!LoadAppInitDlls + 355 7657F4E6 7 Bytes JMP 57825A06 C:\Program Files\Mozilla Firefox\xul.dll
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] KERNEL32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Program Files\Mozilla Firefox\firefox.exe[4032] GDI32.dll!GetViewportOrgEx + 26C 7628884B 7 Bytes JMP 57C104C4 C:\Program Files\Mozilla Firefox\xul.dll
     .text C:\Windows\System32\svchost.exe[4836] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Users\bengrush\Downloads\pjpxvb74.exe[5580] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]
     .text C:\Windows\system32\AUDIODG.EXE[6020] kernel32.dll!GetBinaryTypeW + 70 765969E4 1 Byte [62]

     ---- User IAT/EAT - GMER 2.1 ----

     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74102546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
     IAT C:\Windows\Explorer.EXE[1836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

     ---- Registry - GMER 2.1 ----

     Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e370e3438
     Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e370e3438@9471ac2ab711 0x27 0x93 0xAE 0x86 ...
     Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e370e3438 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e370e3438@9471ac2ab711 0x27 0x93 0xAE 0x86 ...

     ---- EOF - GMER 2.1 ----

     Attached files: Addition.txt Extras.Txt FRST.txt OTL.Txt Shortcut.txt
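As an added example (not part of the post above and not code from GMER or Avast), here is a small Python triage helper for the two hook sections that matter most when reading a GMER 2.1 log like the one posted: the SSDT entries and the user-mode inline JMP hooks. It groups every hook by the module that owns it and flags hooks whose owner is not on an allowlist, lives under a user-writable directory, or has no backing module at all (the "JMP 001E03FC" case with no module name, which is how injected code usually shows up). The sample log lines are constructed: the aswSnx.sys, aswSP.sys and Firefox entries mirror lines from the post, the evil.sys entry is invented purely to produce a hit, and the allowlist of trusted hookers is an assumption for this machine (Avast's own drivers plus Firefox's own DLLs), not something the page states.

```python
import re
from collections import Counter

# Constructed sample in the GMER 2.1 log layout. The aswSnx.sys / aswSP.sys and
# Firefox entries mirror lines from the log posted above; the evil.sys line is
# invented purely to show how an untrusted hooker shows up in the triage output.
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-13 21:25:35

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x90A544DE]
SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x90B06378]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x90A4F71E]
SSDT \??\C:\Users\user\AppData\Local\Temp\evil.sys ZwCreateFile [0x90C01000]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4032] ntdll.dll!LdrUnloadDll 7772C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4032] ntdll.dll!LdrLoadDll 777322AE 5 Bytes JMP 6E6E1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4032] KERNEL32.dll!QueryPerformanceCounter + 13 7657C425 7 Bytes JMP 57C10455 C:\Program Files\Mozilla Firefox\xul.dll
"""

# "SSDT <hooking module> <Zw function> [<hook address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
# ".text <process>[pid] <dll>!<export>[ + off] <addr> <n> Bytes JMP <target>[ <owning module>]"
# Entries that only patch bytes ("1 Byte [62]") carry no jump target and are skipped.
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<sym>\S+!\S+)"
    r"(?:\s+\+\s+[0-9A-Fa-f]+)?\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<module>\S.*?))?\s*$"
)

# Assumed allowlist of modules expected to hook on this machine: Avast's own
# drivers for the SSDT entries and Firefox's own DLLs for the in-process hooks.
TRUSTED_HOOKERS = {"aswsnx.sys", "aswsp.sys", "mozglue.dll", "xul.dll"}
USER_WRITABLE = ("\\temp\\", "\\users\\", "\\appdata\\", "\\programdata\\")


def parse_gmer(text):
    """Extract SSDT hooks and user-mode inline JMP hooks from GMER log text."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"kind": "ssdt", "target": m["func"],
                          "module": m["module"], "proc": None})
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks.append({"kind": "inline", "target": m["sym"],
                          "module": m["module"], "proc": m["proc"]})
    return hooks


def basename(path):
    """Last component of a Windows path, including \\??\\-prefixed NT paths."""
    return path.rsplit("\\", 1)[-1]


def triage(hooks, trusted=TRUSTED_HOOKERS):
    """Count hooks per owning module and flag the ones worth a manual look.

    A hook is flagged when GMER could not attribute its target to any module
    (classic sign of injected code), when the owning module sits in a
    user-writable directory, or when the owner is simply not on the allowlist.
    """
    counts = Counter()
    flagged = []
    for h in hooks:
        mod = h["module"]
        name = basename(mod).lower() if mod else "<unbacked>"
        counts[name] += 1
        if mod is None:
            reason = "jump target not backed by any module"
        elif any(d in mod.lower() for d in USER_WRITABLE):
            reason = "hooking module lives in a user-writable directory"
        elif name not in trusted:
            reason = "hooking module not on the allowlist"
        else:
            continue
        flagged.append({**h, "reason": reason})
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(parse_gmer(SAMPLE_LOG))
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    for f in flagged:
        where = f["proc"] or "kernel SSDT"
        print(f"FLAG {f['target']} in {where}: {f['reason']} ({f['module']})")
```

Run against the full log from the post, every SSDT entry resolves to aswSnx.sys or aswSP.sys and every Firefox JMP with a named owner resolves to mozglue.dll or xul.dll, so only the unbacked LdrUnloadDll jump would be left for a manual look; the allowlist has to be adjusted per machine, since any other installed AV or sandboxing product hooks the same tables.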