Promilos Opublikowano 26 Lutego 2012 Zgłoś Udostępnij Opublikowano 26 Lutego 2012 Witam. Dawno mnie tu nie było Od paru dni mam problem z komputerem,uruchamia się 10min a potem strasznie muli.Programy czy internet otwierają sie po 2min,nie moge właczac więcej programów naraz bo sie wiesza.Nie wiem od czego to sie stało proszę o pomoc.Nie moge loga gmer załączyć więc wstawie go tu sory. GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-26 19:23:42 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 ST3500320AS rev.SD15 Running: 694xbme4.exe; Driver: C:\DOCUME~1\ADMINI~1.BLA\USTAWI~1\Temp\uxrdqpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB3961610] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB3961C10] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB3961730] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB39614B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB3961570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB39616D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB3961790] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB3961690] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB3961650] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB39617D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB3961510] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB3961590] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB39614D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB39615D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB3961750] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB63ED3C0, 0x95AECA, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[320] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!DefWindowProcA + 11A 7E36D5F0 7 Bytes JMP 0051BF70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!SetWindowRgn + 2C0 7E37057D 7 Bytes JMP 0051BE30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!SetClipboardData + 19D 7E38112B 7 Bytes JMP 0051BF50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!MessageBoxA + 49 7E3A074B 7 Bytes JMP 0051C040 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!MessageBoxExW + 1F 7E3A076F 7 Bytes JMP 0051C090 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[764] USER32.dll!MessageBoxTimeoutA + CA 7E3B6420 7 Bytes JMP 0051BFC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 012AB750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\PSAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.0\Explorer.EXE[212] @ C:\WINDOWS.0\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINDOWS.0\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0x3F 0x2D 0x16 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4E 0x3F 0x2D 0x16 ... Reg HKLM\SOFTWARE\Classes\CLSID\{78645976-9026-4cf1-92cf-6bbb1a253e57}@Model 54 Reg HKLM\SOFTWARE\Classes\CLSID\{78645976-9026-4cf1-92cf-6bbb1a253e57}@Therad 21 Reg HKLM\SOFTWARE\Classes\CLSID\{78645976-9026-4cf1-92cf-6bbb1a253e57}@MData 0x73 0xD5 0xCF 0xB8 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xCE 0x00 0x75 0x8D ... ---- EOF - GMER 1.0.15 ---- Extras.Txt OTL.Txt Odnośnik do komentarza
Landuss Opublikowano 26 Lutego 2012 Zgłoś Udostępnij Opublikowano 26 Lutego 2012 Według logów infekcji tutaj nie należy się spodziewać. Temat zmienia dział. Pierwszym podejrzanym na podstawie logów jest niestety sam ESET. Na próbę do odinstalowania aby sprawdzić stan systemu bez jego obecności w nim. Odnośnik do komentarza
Rekomendowane odpowiedzi
Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto
Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.
Zarejestruj nowe konto
Załóż nowe konto. To bardzo proste!
Zarejestruj sięZaloguj się
Posiadasz już konto? Zaloguj się poniżej.
Zaloguj się