 
        benek666
Użytkownicy- 
                Postów7
- 
                Dołączył
- 
                Ostatnia wizyta
- 
	Witam od dzisiaj wyskakuje mi alert z malwarebytes anti-malware ze program zablokował tego wirusa tylko ze co chwile mi to wyskakuje i nie daje się usunąć program podaje lokalizacje C:\Windows\system32\usp10.dll troszke sie obawiam tego troja wiec proszę was o pomoc system to Windows 7 64 oto potrzebne Logi. Mam problem z GMRE ciagle wysypuje program chwile po starcie odinstalowałem wszystkie emulatory .Poczytałem an internecie zrobiło sie dzis głośno o tym wielu ludzi ma z tym problem nie wiadomo czy to False Positive Okazało sie False Positive proszę o zamknięcie tematu Addition.txt FRST.txt Shortcut.txt
- 
	Wszystko ok posprzątane niema wirusów Dziękuje ci serdecznie za pomoc poświecony czas i gratuluje ogromu wiedzy jeszcze raz Dzięki:)
- 
	OTL LOG All processes killed ========== OTL ========== Prefs.js: "Yahoo" removed from browser.search.selectedEngine Prefs.js: "http://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20111224&user_guid=40B33E016A0A4C41B17654B72B29F13D&machine_id=99fc71874ca0b82f9fc75df4ea05a984&browser=FF&os=win&os_version=6.1-x64-SP1&q=" removed from keyword.URL C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\aebcszye.default\searchplugins\yahoo-zugo.xml moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\RestrictRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\RestrictRun deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Marcin ->Temp folder emptied: 5995898997 bytes ->Temporary Internet Files folder emptied: 71579511 bytes ->Java cache emptied: 280460 bytes ->FireFox cache emptied: 233112465 bytes ->Opera cache emptied: 15560307 bytes ->Flash cache emptied: 142991 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes %systemdrive% .tmp files removed: 410715 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 1564672 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 75560011 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11289859 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68032 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6 109,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06122012_180541 Files\Folders moved on Reboot... C:\Users\Marcin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... FSS.txt
- 
	prosze oto logi nie wyskakuje juz nic w antywir tylko kurcze przez tego wirusa niemam dzwięku w przeglądarkach moze masz jakis pomysł jak to naprawić Z dzwiękami juz sobie poradziłem reinstalacja adobe flash playera pomogła OTL.Txt FSS.txt
- 
	BlitzBlank File/Registry Modification Engine native application MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\@", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\L", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\L\00000004.@", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\00000004.@", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\00000008.@", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\000000cb.@", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\80000000.@", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trz12F8.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trz1308.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trz749A.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trz7D59.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trz7D5A.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzA3.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzB772.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzBCE0.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzE47D.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzE50A.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzF5C5.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzFA96.tmp", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\trzFD48.tmp", destinationFile = "(null)", replaceWithDummy = 0 SystemLook 30.07.11 by jpshortstuff Log created at 17:17 on 12/06/2012 by Marcin Administrator - Elevation successful ========== filefind ========== Searching for "services.exe" C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [14:31 31/01/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB ========== folderfind ========== Searching for "{e7262e26-6dbb-552f-99d4-64b679abf265}" No folders found. -= EOF =- sfc.txt
- 
	prosze oto raport SystemLook 30.07.11 by jpshortstuff Log created at 16:55 on 12/06/2012 by Marcin Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (Unable to open key - key not found) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] @="MruPidlList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] @="%SystemRoot%\system32\shell32.dll" "ThreadingModel"="Apartment" ========== filefind ========== Searching for "services.exe" C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [14:31 31/01/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB ========== regfind ========== Searching for "{e7262e26-6dbb-552f-99d4-64b679abf265}" No data found. -= EOF =-
- 
	Witam mam problem z wirusem niemoge sie go pozbyc przeskanowałem antimaleware dodaje log i w avast wysakuje mi co 5 min C:\Windows\Installer\{e7262e26-6dbb-552f-99d4-64b679abf265}\U\80000032.@ (win32 dnschanger-vj) co robic pomocy mbam-log-2012-06-12 (14-26-30).txt OTL.Txt Extras.Txt