MikeB

Bardzo dziękuję za okazaną mi tu w trybie błyskawicznym profesjonalną pomoc. Robicie tu Panie/Panowie kawał wyśmienitej roboty. temat do zamknięcia pozdrawiam Michał

Wygląda że się udało, czy czeka mnie coś jeszcze ? SystemLook 30.07.11 by jpshortstuff Log created at 21:13 on 17/06/2012 by MiK Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (Unable to open key - key not found) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] @="MruPidlList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] @="%SystemRoot%\system32\shell32.dll" "ThreadingModel"="Apartment" ========== filefind ========== Searching for "services.exe" C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB -= EOF =-

Oto pliki logów po ostatnich zaleceniach SystemLook 30.07.11 by jpshortstuff Log created at 20:42 on 17/06/2012 by MiK Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (No values found) [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32] "ThreadingModel"="Both" @="C:\Users\MiK\AppData\Local\{cccdec35-58a8-e626-c317-42869a85e0b9}\n." [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] @="MruPidlList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] @="%SystemRoot%\system32\shell32.dll" "ThreadingModel"="Apartment" ========== filefind ========== Searching for "services.exe" C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB -= EOF =- BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\sysnative\C:\Users\MiK\AppData\Roaming", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: ZwCreateFile(sourceDirectory) failed: status = c0000033 LaunchOnReboot: launchName = "\fix.bat", commandLine = "c:\fix.bat" OpenDriver: ZwLoadDriver(\Registry\Machine\System\CurrentControlSet\Services\blzblk) failed: status = c0000428 LaunchOnReboot: OpenDriver failed: status = c0000428 FSS.txt

Wykonano zgodnie z zaleceniem, oto logi: SystemLook 30.07.11 by jpshortstuff Log created at 19:25 on 17/06/2012 by MiK Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (No values found) [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32] "ThreadingModel"="Both" @="C:\Users\MiK\AppData\Local\{cccdec35-58a8-e626-c317-42869a85e0b9}\n." [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] @="MruPidlList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] @="%SystemRoot%\system32\shell32.dll" "ThreadingModel"="Apartment" ========== filefind ========== Searching for "services.exe" C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB -= EOF =- 06172012_190749.txt OTL.Txt FSS.txt

Witam, dziękuję za odpowiedź, oto log: 2012-06-17 18:21:55, Info CSI 00000009 [sR] Verifying 1 components 2012-06-17 18:21:55, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-06-17 18:21:55, Info CSI 0000000c [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store 2012-06-17 18:21:55, Info CSI 0000000e [sR] Verify complete 2012-06-17 18:21:55, Info CSI 0000000f [sR] Repairing 1 components 2012-06-17 18:21:55, Info CSI 00000010 [sR] Beginning Verify and Repair transaction 2012-06-17 18:21:55, Info CSI 00000012 [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store 2012-06-17 18:21:56, Info CSI 00000014 [sR] Repair complete 2012-06-17 18:21:56, Info CSI 00000015 [sR] Committing transaction 2012-06-17 18:21:56, Info CSI 00000019 [sR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation. 2012-06-17 18:21:56, Info CSI 0000001a [sR] Repairing 1 components 2012-06-17 18:21:56, Info CSI 0000001b [sR] Beginning Verify and Repair transaction 2012-06-17 18:21:56, Info CSI 0000001d [sR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store 2012-06-17 18:21:56, Info CSI 0000001f [sR] Repair complete co dalej ?

Witam, bardzo proszę o pomoc w usunięciu. Jako antywirusa używam Trend Micro Titanium Maximum Security 2012, po pełnym skanowaniu nic nie znajduje jednakże podczas pracy na laptopie co kilka, kilkanaście minut dostaje monit z programu antywirusowego: Threat: TROJ_SIREFEF.SE Source: Threat Affected Files: C:\Windows\Installer\{cccdec35-58a8-e626-c317-42869a85e0b9}\U\800000cb.@ Response: Removed Detected By: Real Time Scan lub: Threat: TROJ_SIREFEF.SD Source: Threat Affected Files: C:\Windows\Installer\{cccdec35-58a8-e626-c317-42869a85e0b9}\U\00000001.@ Response: Removed Detected By: Real Time Scan lub: Threat: TROJ_SIREFEF.ERO Source: Threat Affected Files: C:\Windows\Installer\{cccdec35-58a8-e626-c317-42869a85e0b9}\U\80000000.@ Response: Removed Detected By: Real Time Scan Oto logi z programów OTL,GMER, oraz SystemLook x64 dla skryptu: :reg HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s :filefind services.exe Bardzo proszę o pomoc w usunięciu . Extras.Txt OTL.Txt GMER.Txt SystemLook x64.txt