talerz123

Users
  • Posts

    3
  1. Sorry for the double post. OTL has been cleaned up, the restore folders deleted and a new copy made. Malwarebytes detected nothing, so thank you very, very much for the help ;-). I only have a question about Malwarebytes: can I leave it installed without it conflicting with Kaspersky, or should I remove it? Thanks again for the help!
  2. Unfortunately I don't know where: it doesn't give any location, or I don't know how to check it; it only gives process: pid: followed by different digits each time. But once I ran that script, the message no longer appeared after the restart. It looks as if everything is OK. Oh, and I forgot to add that Kaspersky TDSSKiller found nothing. OTL.Txt2.txt
  3. I have a problem with the virus named in the title. It all started with the Ukash virus. Yesterday it locked my computer (after a restart it worked normally); Kaspersky detected a trojan and removed it. I scanned the computer and it was already clean, but the problem appeared after I ran a cleanup with CCleaner (maybe that is just a coincidence): then warnings appeared about as many as 8 trojans, which Kaspersky removed. According to Kaspersky the computer is now clean, but Windows Defender detects the infection from the topic title at every startup and supposedly removes it.
     GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-28 05:56:47 Windows 6.0.6001 Service Pack 1
     OTL.Txt Extras.Txt