daniel

Bardzo dziękuję za fachową pomoc.

Zadania wykonane.Malwarebytes Anti-Malware nic nie wykrył.Cieszymy Się ?

Farbar Service Scanner Version: 06-08-2012 Ran by JaDowity (administrator) on 19-09-2012 at 18:41:01 Running from "C:\Users\JaDowity\Downloads" Windows Vista Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D C:\Windows\system32\Drivers\afd.sys [2011-06-16 19:33] - [2011-04-21 15:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457 C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2010-08-13 06:47] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9 C:\Windows\system32\dnsrslvr.dll [2011-04-15 21:38] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D C:\Windows\system32\mpssvc.dll [2008-07-20 00:09] - [2008-01-19 09:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B C:\Windows\system32\bfe.dll [2008-07-20 00:08] - [2008-01-19 09:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697 C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe [2008-07-20 00:09] - [2008-01-19 09:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23 C:\Windows\system32\wscsvc.dll [2008-07-20 00:08] - [2008-01-19 09:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C C:\Windows\system32\wbem\WMIsvc.dll [2008-07-20 00:07] - [2008-01-19 09:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5 C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll [2008-07-20 00:09] - [2008-01-19 09:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D C:\Windows\system32\es.dll [2008-08-13 06:26] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465 C:\Windows\system32\cryptsvc.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll [2009-06-29 02:07] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830 **** End of log ****

Avast przestał bombardować. To chyba doba wiadomość? SystemLook 30.07.11 by jpshortstuff Log created at 19:46 on 18/09/2012 by JaDowity Administrator - Elevation successful ========== filefind ========== Searching for "services.exe" C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [09:33 13/04/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\System32\services.exe --a---- 279040 bytes [22:08 19/07/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [22:08 19/07/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C -= EOF =- OTL.Txt AdwCleanerS2.txt

Dziękuje za szybką odpowiedz. SystemLook 30.07.11 by jpshortstuff Log created at 15:57 on 16/09/2012 by JaDowity Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}] (Unable to open key - key not found) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}] @="Microsoft WBEM New Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] @="%systemroot%\system32\wbem\wbemess.dll" "ThreadingModel"="Both" ========== filefind ========== Searching for "services.exe" C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [09:33 13/04/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\System32\services.exe --a---- 279040 bytes [22:08 19/07/2008] [07:33 19/01/2008] 5DC3C54FC22BBB6F66C290C7C0384DF9 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [22:08 19/07/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C -= EOF =- Farbar Service Scanner Version: 06-08-2012 Ran by JaDowity (administrator) on 16-09-2012 at 16:05:05 Running from "C:\Users\JaDowity\Downloads" Windows Vista Home Premium Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist. File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D C:\Windows\system32\Drivers\afd.sys [2011-06-16 19:33] - [2011-04-21 15:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457 C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2010-08-13 06:47] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9 C:\Windows\system32\dnsrslvr.dll [2011-04-15 21:38] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D C:\Windows\system32\mpssvc.dll [2008-07-20 00:09] - [2008-01-19 09:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B C:\Windows\system32\bfe.dll [2008-07-20 00:08] - [2008-01-19 09:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697 C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe [2008-07-20 00:09] - [2008-01-19 09:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23 C:\Windows\system32\wscsvc.dll [2008-07-20 00:08] - [2008-01-19 09:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C C:\Windows\system32\wbem\WMIsvc.dll [2008-07-20 00:07] - [2008-01-19 09:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5 C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll [2008-07-20 00:09] - [2008-01-19 09:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D C:\Windows\system32\es.dll [2008-08-13 06:26] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465 C:\Windows\system32\cryptsvc.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll [2008-07-20 00:07] - [2008-01-19 09:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll [2009-06-29 02:07] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830 **** End of log ****

Od pewnego czasu AVAST co chwię informuje : Zablokowane złośliwe oprogramowanie ! Osłona systemu plików avast! zablokowała zagrożenie. Nie są wymagane dalsze działania. Obiekt: C:\Windows\Installer\...\00000001@ Zarażenie Win32:Trojan-gen Proces: C:\Windows\system32\services.exe Oraz dwa inne komunikaty informujące o zarażeniu win64:sirefef-a trj i win32:sirefef-ao rtk Mam 32 bitowy sysem operacyjny Windows Vista Nigdy nie miałem z tym do czyniena wiec zwracam sie z prosba o pomoc. Extras.Txt OTL.Txt gmer.txt