
ania92bis

Users
  • Posts

    12
  • Joined

  • Last visited

About ania92bis

  • Birthday 27.03.1992

Information

  • Gender:
    Female
  • From:
    Częstochowa
  1. So I did clean the System Restore folders correctly; I had some doubts about it because it seemed too simple to me :D Gra Toolbar removed!
  2. Summary:
     - In the folder C:\Documents and Settings\All Users\Dokumenty\Server there was nothing left; I deleted it entirely.
     - I uninstalled Kaspersky Virus Removal Tool.
     - I carried out all the recommendations, although I'm not sure whether I cleaned the System Restore folders correctly.
     - There is a problem removing the Gra Toolbar: a message pops up saying the file cannot be opened.
     Currently there are no problems with the computer; I don't think it has ever run this well :). There isn't even a problem with the graphics any more, which earlier showed up as a flickering black screen and pixels on the mouse cursor. I wanted to thank you very, very much for your help and for the time you spent!!! I'm impressed by your enormous knowledge!
  3. It took a little while, but I have the report:
     Automatyczne skanowanie: błąd (zdarzeń: 2, obiektów: 0, czas: Nieznany)
     2011-05-31 05:18:16 Zagrożenie: Trojan-Dropper.Win32.Drooptroop.kko C:\Documents and Settings\All Users\Dokumenty\Server\hlp.dat
     2011-05-31 05:16:43 Zadanie zostało uruchomione
     Automatyczne skanowanie: zakończono 2 min temu (zdarzeń: 4, obiektów: 167052, czas: 01:09:42)
     2011-05-31 06:36:40 Zadanie zostało zakończone
     2011-05-31 05:31:26 Usunięty: Trojan-Dropper.Win32.Drooptroop.kko C:\Documents and Settings\All Users\Dokumenty\Server\hlp.dat
     2011-05-31 05:28:33 Zagrożenie: Trojan-Dropper.Win32.Drooptroop.kko C:\Documents and Settings\All Users\Dokumenty\Server\hlp.dat
     2011-05-31 05:26:58 Zadanie zostało uruchomione
  4. Log from AD-Remover:
     ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
     Updated by TeamXscript on 12/04/11
     Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
     website: http://www.teamxscript.org
     C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 03:21:22 on 31/05/2011, Safeboot mode
     Microsoft Windows XP Professional Dodatek Service Pack 2 (X86)
     Ania@53CCD542F731494 ( )
     ============== ACTION(S) ==============
     Folder deleted: C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\FireFox\Profiles\ttr74es4.default\conduit
     Folder deleted: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Conduit
     Folder deleted: C:\Program Files\Conduit
     Folder deleted: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\OpenCandy
     (!) -- Temporary files deleted.
     -- File opened: C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\FireFox\Profiles\ttr74es4.default\Prefs.js --
     Line deleted: user_pref("CT1561552.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
     Line deleted: user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156...
     Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
     Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1561552");
     Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1561552");
     Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");
     -- File closed --
     Key deleted: HKLM\Software\Classes\Toolbar.CT1561552
     Key deleted: HKLM\Software\Classes\Toolbar.CT2417076
     Key deleted: HKLM\Software\Conduit
     Key deleted: HKCU\Software\Conduit
     ============== ADDITIONNAL SCAN ==============
     **** Mozilla Firefox Version [3.6.17 (pl)] ****
     Plugins\npdnu.dll (AOL LLC)
     Plugins\npdnupdater2.dll (AOL LLC)
     Plugins\npwachk.dll (Nullsoft, Inc.)
     Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search)
     Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
     Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb)
     Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
     Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
     Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms})
     -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\FireFox\Profiles\ttr74es4.default --
     Extensions\IplextoALL@ALLPlayer.org (Iplex to ALLPlayer)
     Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Ania\\Pulpit
     Prefs.js - browser.search.defaultenginename,
     Prefs.js - browser.search.defaulturl,
     Prefs.js - browser.search.selectedEngine, Google
     Prefs.js - browser.startup.homepage, hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
     Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17
     Prefs.js - privacy.popups.showBrowserMessage, false
     -- C:\Documents and Settings\anna lompa\Dane aplikacji\Mozilla\FireFox\Profiles\x71v7lrk.default --
     Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\anna lompa\\Pulpit
     Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.17
     ========================================
     **** Google Chrome Version [11.0.696.71] ****
     Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx) (?)
     -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default --
     Preferences - default_search_provider: "Google" (Enabled: true) (?)
     Plugin - "Picasa" (Enabled: true)
     Plugin - "Winamp Application Detector" (Enabled: true)
     ========================================
     **** Internet Explorer Version [7.0.5730.13] ****
     HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
     HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
     HKCU_Main|Start Page - hxxp://fr.msn.com/
     HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
     HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
     HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKLM_Main|Start Page - hxxp://fr.msn.com/
     HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
     HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
     BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
     BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL)
     ========================================
     C:\Program Files\Ad-Remover\Quarantine: 16 File(s)
     C:\Program Files\Ad-Remover\Backup: 16 File(s)
     C:\Ad-Report-CLEAN[1].txt - 31/05/2011 03:22:07 (1544 Byte(s))
     C:\Ad-Report-SCAN[1].txt - 31/05/2011 02:39:28 (7023 Byte(s))
     C:\Ad-Report-SCAN[2].txt - 31/05/2011 02:42:46 (7088 Byte(s))
     End at: 03:22:37, 31/05/2011
     ============== E.O.F ==============
  5. I removed the Winamp Toolbar, but I had trouble finding the Hotspot Shield Toolbar. And here is a new batch of logs. The log produced by the OTL removal run:
     All processes killed
     ========== OTL ==========
     HKU\S-1-5-21-1844237615-1177238915-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     Prefs.js: "AOL Web Search" removed from browser.search.defaultenginename
     Prefs.js: "Hotspot Shield Customized Web Search" removed from browser.search.defaultthis.engineName
     Prefs.js: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=" removed from browser.search.defaulturl
     Prefs.js: "http://search.conduit.com/?ctid=CT1561552&SearchSource=13" removed from browser.startup.homepage
     Prefs.js: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110224194650156&tb_oid=24-02-2011&tb_mrud=24-02-2011&query=" removed from keyword.URL
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-1844237615-1177238915-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found.
     Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
     C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
     C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\ttr74es4.default\searchplugins\aol-web-search.xml moved successfully.
     C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\ttr74es4.default\searchplugins\conduit.xml moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\308eb\SMESys folder moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\308eb\Quarantine Items folder moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\308eb\BackUp folder moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\308eb folder moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\308ebc folder moved successfully.
     C:\Documents and Settings\All Users\Dane aplikacji\SMKSJWE folder moved successfully.
     C:\Documents and Settings\Ania\Dane aplikacji\OpenCandy\OpenCandy_EF097B2A9E9146C2BC0504A8538F7192 folder moved successfully.
     C:\Documents and Settings\Ania\Dane aplikacji\OpenCandy folder moved successfully.
     ========== COMMANDS ==========
     Restore points cleared and new OTL Restore Point set!
     [EMPTYFLASH]
     User: Administrator
     User: Administrator.53CCD542F731494
     User: All Users
     User: Ania
     ->Flash cache emptied: 4318 bytes
     User: anna lompa
     ->Flash cache emptied: 904 bytes
     User: Default User
     User: Gość
     User: LocalService
     User: NetworkService
     User: UpdatusUser
     Total Flash Files Cleaned = 0,00 mb
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 111759 bytes
     User: Administrator.53CCD542F731494
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->FireFox cache emptied: 3465364 bytes
     User: All Users
     User: Ania
     ->Temp folder emptied: 1225 bytes
     ->Temporary Internet Files folder emptied: 81902 bytes
     ->FireFox cache emptied: 111915663 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: anna lompa
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 78991 bytes
     ->FireFox cache emptied: 99421761 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: Gość
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 78991 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32835 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2114584 bytes
     %systemroot%\System32 .tmp files removed: 2596 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 207,00 mb
     OTL by OldTimer - Version 3.2.23.0 log created on 05312011_020047
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
     Attachments: OTL.Txt1.txt Extras1.txt Ad-Report-SCAN.txt
  6. New ComboFix log: llog ComboFixa..txt
  7. Right now I'm stuck, because I can't manually replace the files below with the ones from C:\Pliki:
     c:\windows\system32\winlogon.exe
     c:\windows\explorer.exe
     I'd be very grateful for help on how to do this.
  8. More logs: avenger.txt log Combofixx.txt
  9. Avast still detects an infection in the form of Win32:Batimal-AE, and I still get redirected to google when I go to a website. Here is the current ComboFix log: log CFix.txt
  10. Additional ComboFix log: log ComboFix.txt
  11. 1. Problem:
      - Every few dozen minutes Avast detects Win32:Bamital-AE; its location is c:\windows\system32\winlogon.exe.
      - Often, when I want to go to a specific website, the browser redirects to google.pl.
      - For a few days I've had a problem with the display: a black screen appears and black pixels are visible on the mouse cursor. The graphics card has probably died, although I suspect it is a result of this infection.
      - I've used various programs to remove the infection, among others ComboFix.
      2. Logs:
      1. Gmer:
      GMER 1.0.15.15627 - http://www.gmer.net
      Rootkit scan 2011-05-29 01:31:15
      Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160811AS rev.3.AAE
      Running: x7cj8jwm.exe; Driver: C:\DOCUME~1\Ania\USTAWI~1\Temp\ffpdiaoc.sys
      ---- User code sections - GMER 1.0.15 ----
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!send 71A5428A 5 Bytes JMP 00165ACB
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00165CC8
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!gethostbyname 71A54FD4 5 Bytes JMP 00166224
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00165B3E
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00165C19
      .text C:\Program Files\Mozilla Firefox\firefox.exe[724] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00165F43
      .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1432] USER32.dll!TrackPopupMenu 7E3B526E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
      .text C:\WINDOWS\Explorer.EXE[1980] kernel32.dll!CreateProcessInternalW 7C819724 5 Bytes JMP 00B78369
      ---- Devices - GMER 1.0.15 ----
      AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
      ---- EOF - GMER 1.0.15 ----
      2. OTL attached
      3. OTL Extras attached
      3. Checkup:
      Results of screen317's Security Check version 0.99.12
      Windows XP Service Pack 2
      Out of date service pack!!
      Internet Explorer 7 Out of date!
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Security Center service is not running! This report may not be accurate!
      avast! Free Antivirus
      Antivirus up to date!
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      CCleaner
      Driver Cleaner 3
      Flash Player Out of Date!
      Adobe Flash Player 10.2.153.1
      Adobe Reader 9.4.0 - Polish
      Out of date Adobe Reader installed!
      Mozilla Firefox (3.6.17) Firefox Out of Date!
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      ``````````End of Log````````````
      Thanks in advance for looking into my problem.
      Attachments: OTL.Txt Extras.Txt