
adamus89
Anti-Malware:
Malwarebytes Anti-Malware (Okres testowy) 1.61.0.1400
www.malwarebytes.org
Wersja bazy: v2012.06.14.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AdAmUs :: MYDELL [administrator]
Ochrona: Wyłączona
2012-06-14 18:59:41
mbam-log-2012-06-14 (18-59-41).txt
Typ skanowania: Pełne skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 548199
Upłynęło: 2 godzin(y), 40 minut(y), 5 sekund(y)
Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń)
Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń)
Wykrytych kluczy rejestru: 0 (Nie znaleziono zagrożeń)
Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń)
Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń)
wykrytych folderów: 0 (Nie znaleziono zagrożeń)
Wykrytych plików: 2
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd4a344c6bea9c.0000 (Rootkit.0Access) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
E:\DOWNLOADS\USBFormat\usb_format.exe (Packer.ModifiedUPX) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
(zakończone)
-
FSS:
Farbar Service Scanner Version: 09-06-2012
Ran by AdAmUs (administrator) on 14-06-2012 at 17:59:18
Running from "C:\Users\AdAmUs\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2012-06-13 15:17] - [2012-04-24 07:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
Log for item 2:
All processes killed
========== FILES ==========
C:\Windows\Installer\{9c33fa7e-694f-0fe1-247a-7eb60fdeda05}\U folder moved successfully.
C:\Windows\Installer\{9c33fa7e-694f-0fe1-247a-7eb60fdeda05}\L folder moved successfully.
C:\Windows\Installer\{9c33fa7e-694f-0fe1-247a-7eb60fdeda05} folder moved successfully.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: AdAmUs
->Temp folder emptied: 107054921 bytes
->Temporary Internet Files folder emptied: 12924617 bytes
->FireFox cache emptied: 60906849 bytes
->Flash cache emptied: 1260 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: MsDtsServer110
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: MSSQLFDLauncher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: MSSQLSERVER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: MSSQLServerOLAPService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Public
User: ReportServer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: SQLSERVERAGENT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4223628 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36064558 bytes
RecycleBin emptied: 7661152 bytes
Total Files Cleaned = 219,00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_162813
Files\Folders moved on Reboot...
C:\Users\AdAmUs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
OTL: http://wklej.to/Vk4DS
OTL Extras: http://wklej.to/x5ItA
FSS:
Farbar Service Scanner Version: 09-06-2012
Ran by AdAmUs (administrator) on 14-06-2012 at 17:00:51
Running from "C:\Users\AdAmUs\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2012-06-13 15:17] - [2012-04-24 07:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
I apologize for posting in another user's thread.
cbs.log:
2012-06-14 15:46:59, Info CSI 00000009 [sR] Verifying 1 components
2012-06-14 15:46:59, Info CSI 0000000a [sR] Beginning Verify and Repair transaction
2012-06-14 15:47:00, Info CSI 0000000c [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-06-14 15:47:00, Info CSI 0000000e [sR] Verify complete
2012-06-14 15:47:00, Info CSI 0000000f [sR] Repairing 1 components
2012-06-14 15:47:00, Info CSI 00000010 [sR] Beginning Verify and Repair transaction
2012-06-14 15:47:00, Info CSI 00000012 [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-06-14 15:47:00, Info CSI 00000014 [sR] Repair complete
2012-06-14 15:47:00, Info CSI 00000015 [sR] Committing transaction
2012-06-14 15:47:00, Info CSI 00000019 [sR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-06-14 15:47:00, Info CSI 0000001a [sR] Repairing 1 components
2012-06-14 15:47:00, Info CSI 0000001b [sR] Beginning Verify and Repair transaction
2012-06-14 15:47:00, Info CSI 0000001d [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-06-14 15:47:01, Info CSI 0000001f [sR] Repair complete
-
Hello, just like user krab13, I have a problem with 80000000.@ as well as 80000032.@, 80000064.@, etc. The files are located in the folder C:\Windows\Installer\{9c33fa7e-694f-0fe1-247a-7eb60fdeda05}\U
The SVCHOST.EXE *32 process is using 100% of my CPU.
OTL -> http://wklej.to/B4Ze9
EXTRAS -> http://wklej.to/tVu6y
FRST -> http://wklej.to/IPAB3
SystemLook -> http://wklej.to/wOZTq
HitmanPro removed two Dekstop.ini files:
C:\Windows\assembly\GAC_32\Dekstop.ini
C:\Windows\assembly\GAC_64\Dekstop.ini
Thanks in advance for your help. Regards.