Vundo@dll

http://www.wklej.org/id/bf03c1fb92

Witam! Złapalem wirusa vundo@dll i moze jeszcze cos. mam avasta zalaczam log combofix.

Jak nie trudno zgadnac prosze o pomoc i instrukcje co dalej zrobic.

W dniu 28.05.2008 , o godzinie 15:15 został dopisany post przez RajuBaju

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:04:22, on 2008-05-28

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

d:\Avast4\aswUpdSv.exe

d:\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

d:\Alcohol 120\StarWind\StarWindServiceAE.exe

d:\Avast4\ashMaiSv.exe

d:\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

d:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - d:\Copernic Desktop Search 2\DesktopSearchBand203000030.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow … rtScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre … 586-jc.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - d:\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - d:\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

End of file - 6274 bytes

Użyj http://www.atribune.org/public-beta/VundoFix.exe bądź zerknij tu: viewtopic.php?t=245277 .

vundo juz probowalem niestety nic nie wykryl

W dniu 28.05.2008 , o godzinie 16:00 został dopisany post przez RajuBaju

KTOŚ SIE ZLITUJE??

fix w hijackthis

Podaj log z Combofix

ComboFix 08-05-27.4 - Wszechmogacy 2008-05-28 13:46:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.652 [GMT 2:00]

Running from: C:\Documents and Settings\Wszechmogacy\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\fccaXRHX.dll

C:\WINDOWS\system32\fccyaBrP.dll

C:\WINDOWS\system32\rqRLfdCt.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))

.

2008-10-04 20:51 . 2008-10-04 20:51

2008-10-04 20:51 . 2008-10-04 20:51

2008-10-04 20:50 . 2008-10-04 20:50

2008-10-04 20:50 . 2008-10-04 20:50

2008-10-04 20:49 . 2008-10-04 20:49

2008-10-04 20:49 . 2004-06-03 04:40 294,400 -ra------ C:\WINDOWS\system32\idecoi.dll

2008-10-04 20:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe

2008-10-04 20:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-10-04 20:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\nvuide.exe

2008-10-04 20:49 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\nvugart.exe

2008-10-04 20:49 . 2004-04-03 00:40 32,256 -ra------ C:\WINDOWS\system32\NVCOG.DLL

2008-10-04 20:49 . 2004-04-28 00:22 2,124 --a------ C:\WINDOWS\system32\nvgart.nvu

2008-10-04 20:49 . 2004-06-18 11:30 789 -ra------ C:\WINDOWS\system32\nvsmb.nvu

2008-10-04 20:49 . 2004-06-17 20:30 464 -ra------ C:\WINDOWS\system32\nvide.nvu

2008-10-04 20:48 . 2008-10-04 20:48 5,855 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-10-04 19:42 . 2004-08-04 00:44 153,088 --a------ C:\WINDOWS\system32\irftp.exe

2008-10-04 19:42 . 2004-08-04 00:44 27,648 --a------ C:\WINDOWS\system32\irmon.dll

2008-10-04 19:42 . 2004-08-04 00:44 8,192 --a------ C:\WINDOWS\system32\wshirda.dll

2008-05-26 23:51 . 2008-05-26 23:51 181 --a------ C:\WINDOWS\MPLAYER.INI

2008-05-21 01:13 . 2008-05-21 01:15

2008-05-20 19:18 . 1995-01-30 00:00 188,960 --a------ C:\WINDOWS\system32\WINGDE.DLL

2008-05-20 19:18 . 1995-01-30 00:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL

2008-05-20 19:18 . 1995-01-30 00:00 6,736 --a------ C:\WINDOWS\system32\WINGDIB.DRV

2008-05-20 19:18 . 1994-09-02 00:00 5,195 --a------ C:\WINDOWS\system32\DVA.386

2008-05-20 19:18 . 1995-01-30 00:00 5,024 --a------ C:\WINDOWS\system32\WINGPAL.WND

2008-05-20 19:17 . 1997-11-19 14:15 283,648 --a------ C:\WINDOWS\unin0415.exe

2008-05-18 12:02 . 2008-05-18 12:02

2008-05-16 18:24 . 2008-05-16 18:24

2008-05-16 17:03 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-05-16 17:03 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-05-15 22:35 . 2008-05-15 22:35

2008-05-13 19:07 . 2008-05-13 19:07

2008-05-13 19:07 . 2008-05-13 19:07

2008-05-13 19:07 . 2008-05-13 19:07

2008-05-13 19:06 . 2008-05-13 19:06

2008-05-12 10:21 . 2008-05-12 10:21

2008-05-03 17:24 . 2008-05-03 17:24

2008-05-03 17:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-03 17:23 . 2008-05-03 17:24

2008-05-03 17:22 . 2008-05-03 17:22

2008-05-03 14:18 . 2008-05-03 14:18

2008-05-02 19:37 . 2008-05-02 19:37

2008-05-02 19:37 . 1999-07-26 12:38 17,920 --------- C:\WINDOWS\system32\IMPLODE.DLL

2008-05-01 20:21 . 2008-05-16 08:08

2008-05-01 20:18 . 2008-05-01 20:19

2008-05-01 16:13 . 2001-10-15 11:42 228,352 --a------ C:\WINDOWS\system32\DECO_32.DLL

2008-05-01 15:54 . 2008-05-02 19:37 345 --a------ C:\WINDOWS\SloOrt.ini

2008-04-28 09:05 . 2008-05-24 22:14 4,232 --a------ C:\WINDOWS\EPSJP11.DOR

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 10:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-17 19:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-04-22 15:45 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-04-22 12:28 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll

2008-04-21 14:52 --------- d-----w C:\Program Files\C-Media 6501 Sound

2008-04-20 10:37 --------- d-----w C:\Documents and Settings\Wszechmogacy\Dane aplikacji\Oxford

2008-04-18 15:53 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys

2008-04-18 15:51 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-04-17 15:03 --------- d-----w C:\Program Files\Common Files\YDP

2008-04-17 15:02 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-17 14:53 --------- d-----w C:\Program Files\TEXTware

2008-04-17 14:27 --------- d-----w C:\Program Files\Alcohol Toolbar

2008-04-16 15:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA

2008-04-16 11:53 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-13 15:18 --------- d-----w C:\Documents and Settings\Wszechmogacy\Dane aplikacji\PPStream

2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2004-09-28 02:00 26,240 -c–a-w C:\WINDOWS\inf\RAMDSK.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-05-24 13:31 68856]

“Zinio DLM”=“C:\Program Files\Zinio\ZinioDeliveryManager.exe” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22 7700480]

“nwiz”=“nwiz.exe” [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-10-22 12:22 86016]

“C6501Sound”=“c6501.cpl” []

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-05-13 19:07 185896]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3fhg”= mp3fhg.acm

“msacm.divxa32”= divxa32.acm

“VIDC.X264”= x264vfw.dll

“VIDC.HFYU”= huffyuv.dll

“vidc.i263”= i263_32.drv

“VIDC.YV12”= yv12vfw.dll

[HKLM~\startupfolder\C:^Documents and Settings^Wszechmogacy^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]

path=C:\Documents and Settings\Wszechmogacy\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Wszechmogacy^Menu Start^Programy^Autostart^PPS.lnk]

backup=C:\WINDOWS\pss\PPS.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]

–a------ 2008-04-10 22:38 1583624 d:\Copernic Desktop Search 2\DesktopSearchService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

–a------ 2008-05-13 19:06 120320 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]

C:\Program Files\Zinio\ZinioDeliveryManager.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“D:\DC++\DCPlusPlus.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“D:\Microsoft Office\Office12\OUTLOOK.EXE”=

“D:\Microsoft Office\Office12\ONENOTE.EXE”=

“d:\PPStream\PPStream.exe”=

“d:\PPStream\PPSAP.exe”=

“D:\PPMate\ppmate.exe”=

“D:\PPMate\ppamnet.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“13223:TCP”= 13223:TCP:BitComet 13223 TCP

“13223:UDP”= 13223:UDP:BitComet 13223 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-18 17:53]

R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 09:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b729ef8c-923b-11dd-b738-806d6172696f}]

\Shell\AutoRun\command - K:\Bin\assetup.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 13:48:33

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

  • C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

D:\Avast4\aswUpdSv.exe

D:\Avast4\ashServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wdfmgr.exe

D:\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Avast4\ashWebSv.exe

D:\Avast4\Setup\avast.setup

.

**************************************************************************

.

Completion time: 2008-05-28 13:49:34 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-28 11:49:31

Pre-Run: 827,228,160 bajtów wolnych

Post-Run: 897,327,104 bajt˘w wolnych

185

W dniu 28.05.2008 , o godzinie 17:51 został dopisany post przez RajuBaju

i co teraz?? help pis

RajuBaju ,

Ważne

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów w tym dziale, przeczytaj i stosuj się do Tematu

zrobiłem wszystko j.w. wtej chwili moje logi wygladaja tak:

http://www.wklej.org/id/b8f4cf2ccf

http://www.wklej.org/id/05de0a1484

czy teraz juz jest wszystko ok??

z gory dziekuje za pomoc

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

zrób optymalizacje uruchamiania http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

:slight_smile: