luna999

Members
  • Posts: 7
Content posted by luna999

  1. It was sitting in START > PROGRAMS, even though it had been removed through Control Panel. I clicked it as a test and nothing happened, so I moved on to cleaning up with OTL. It popped up right after the restart, so I probably didn't download it from the net, because I didn't have a browser running.. The recommended steps are done. Report attached. By the way, my Toshiba reads CD/DVDs again; was the drive blocked by ZeroAccess? I also had problems connecting Orange Free; will I be able to now? Could you help me uninstall the antivirus programs that don't work? I probably still have several of them.. E.g. fast scan keeps starting up, but I don't know how to remove it. Thanks L.!!

     OTLIII.Txt
  2. Landuss, I have a problem. I removed it from the programs. I cleaned up with OTL. And after the restart, a surprise: LSP REACTIVATED ITSELF!!! I'm sending the logs. What a pest...

     GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-08-03 02:42:35
     Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-07LAT0 rev.01.06M01
     Running: 2bv8jkyi.exe; Driver: C:\DOCUME~1\Ola\USTAWI~1\Temp\kwlcipow.sys

     ---- User code sections - GMER 1.0.15 ----

     .text C:\Program Files\Internet Explorer\iexplore.exe[512] ole32.dll!OleLoadFromStream 77508C62 5 Bytes JMP 407A4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] ole32.dll!CoCreateInstance 77516009 5 Bytes JMP 406ADB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!CallNextHookEx 77D3ED6E 5 Bytes JMP 4069D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!CreateWindowExW 77D41AD5 5 Bytes JMP 406ADB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!DialogBoxParamW 77D46702 5 Bytes JMP 405D54C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!DialogBoxParamA 77D488E1 5 Bytes JMP 407A47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!DialogBoxIndirectParamW 77D52598 5 Bytes JMP 407A480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!MessageBoxIndirectA 77D5AEF1 5 Bytes JMP 407A4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 406A9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 4061467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!MessageBoxExW 77D70559 5 Bytes JMP 407A4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!MessageBoxExA 77D7057D 5 Bytes JMP 407A4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!DialogBoxIndirectParamA 77D76CED 5 Bytes JMP 407A4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[340] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[512] USER32.dll!MessageBoxIndirectW 77D860B7 5 Bytes JMP 407A46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

     ---- User IAT/EAT - GMER 1.0.15 ----

     IAT C:\Program Files\Internet Explorer\iexplore.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

     ---- EOF - GMER 1.0.15 ----

     Extras po reaktywacji.txt OTLpo reaktywacji .Txt
  3. LSP is still visible in the programs, even though the windows no longer appear. Regards.

     SystemLook 30.07.11 by jpshortstuff
     Log created at 12:14 on 02/08/2012 by Ola
     Administrator - Elevation successful

     ========== reg ==========

     [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     (Unable to open key - key not found)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
     @="Microsoft WBEM New Event Subsystem"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
     @="C:\WINDOWS\system32\wbem\wbemess.dll"
     "ThreadingModel"="Both"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     @="MruPidlList"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     @="%SystemRoot%\System32\shdocvw.dll"
     "ThreadingModel"="Apartment"

     -= EOF =-
  4. People!!!!!!!!!! It worked!!!!!!! The scum is gone!!!!! Thanks to this site even a klutz can manage. Thank you, and here is GMER as well, just in case.. (the previous one was from safe mode)

     SystemLook 30.07.11 by jpshortstuff
     Log created at 14:38 on 01/08/2012 by Ola
     Administrator - Elevation successful

     ========== reg ==========

     [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     (No values found)

     [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32]
     "ThreadingModel"="Both"
     @="C:\Documents and Settings\Ola\Ustawienia lokalne\Dane aplikacji\{5c46bd94-a63c-9b2e-7a22-0677688231dd}\n."

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
     @="Microsoft WBEM New Event Subsystem"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
     @="C:\WINDOWS\system32\wbem\wbemess.dll"
     "ThreadingModel"="Both"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     @="MruPidlList"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     @="%SystemRoot%\System32\shdocvw.dll"
     "ThreadingModel"="Apartment"

     -= EOF =-

     OTL2.Txt Gmer.txt
  5. As above. Regards.

     SystemLook 30.07.11 by jpshortstuff
     Log created at 21:49 on 31/07/2012 by Administrator
     Administrator - Elevation successful

     ========== reg ==========

     [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     (Unable to open key - key not found)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}]
     @="Microsoft WBEM New Event Subsystem"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
     @="\\.\globalroot\systemroot\Installer\{5c46bd94-a63c-9b2e-7a22-0677688231dd}\n."
     "ThreadingModel"="Both"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
     @="MruPidlList"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     @="%SystemRoot%\System32\shdocvw.dll"
     "ThreadingModel"="Apartment"

     ========== filefind ==========

     Searching for "services.exe"
     C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe --a---- 111104 bytes [19:50 16/07/2011] [09:55 09/02/2009] 245A46964D7F534E1D20563ACF215E80
     C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe --a---- 111104 bytes [19:50 16/07/2011] [11:25 09/02/2009] 02A467E27AF55F7064C5B251E587315F
     C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe --a---- 111104 bytes [19:50 16/07/2011] [11:19 09/02/2009] 8816E60BF654353E8E0D35ED98875445
     C:\WINDOWS\$NtServicePackUninstall$\services.exe -----c- 101888 bytes [09:57 13/01/2010] [12:00 16/04/2003] BF4CBEFDCE42A699389791647CB95CA2
     C:\WINDOWS\ServicePackFiles\i386\services.exe --a---- 108544 bytes [10:03 13/01/2010] [23:44 03/08/2004] 3DA8D964D2CC12EF8E8C342471A37917
     C:\WINDOWS\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\services.exe --a---- 109056 bytes [20:26 16/07/2011] [17:21 14/04/2008] 3E3AE424E27C4CEFE4CAB368C7B570EA
     C:\WINDOWS\system32\services.exe --a---- 111104 bytes [12:00 16/04/2003] [10:10 09/02/2009] ED4E5391100287B9EABF8F2CF4B42235
     C:\WINDOWS\system32\dllcache\services.exe -----c- 111104 bytes [19:50 16/07/2011] [10:10 09/02/2009] ED4E5391100287B9EABF8F2CF4B42235

     -= EOF =-
  6. Results of screen317's Security Check version 0.99.43
     Windows XP Service Pack 2 x86
     Out of date service pack!!
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     `````````Anti-malware/Other Utilities Check:`````````
     Trojan Remover 6.8.2
     Java™ 6 Update 26
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 10.0.42.34 Flash Player out of Date!
     Adobe Reader X (10.1.0)
     Google Chrome 20.0.1132.47
     Google Chrome 20.0.1132.57
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C::
     ````````````````````End of Log``````````````````````

     Sorry for posting the data across several posts, but as I mentioned above, I know nothing at all about this..

     OTL.Txt Extras.Txt Gmer.txt
  7. Hello, I would be very grateful for a plain, step-by-step explanation of how to remove the above-mentioned virus. Unfortunately I don't know anything about system diagnostics or the terminology involved. If it would help, I have a second computer available. Could I ask to be led by the hand?