I have an ACER Aspire laptop. The original system, Windows Vista Home Basic, was installed at purchase; I don't have a disc for it. After a Trojan horse attack, a Windows Explorer error occurs when I try to open Control Panel. It is impossible to restore the wireless internet function, and I can't start Avast antivirus or Spybot.
The virus has already been removed; I used various scanners after removing the Trojan, but the problems remained. According to the scanners the computer is clean at the moment.
Unfortunately I have neither a backup disc nor a Windows disc.
Is a Windows reinstall necessary, or can this problem be solved somehow?
Please help. Regards
P.S. I just scanned once more and these viruses were found after all:
Worm.Bagle
Trojan.Agent
Rootkit.Beagle
Rootkit.Beagle.KillAV
Help :(
I have already looked for help here:
http://www.vistaforum.pl/read.php?4,6299
and I tried everything they advised, but still no results. I have already removed Spybot and avast, but the internet still won't connect…
I am attaching the ComboFix log:
ComboFix 09-08-04.03 - Nataziel 2009-08-05 22:09.2.1 - NTFSx86
Microsoft® Windows Vista Home Basic 6.0.6002.2.1250.48.1045.18.1013.214 [GMT 1:00]
Uruchomiony z: G:\myry.com
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
c:\users\Nataziel\AppData\Roaming\drivers\downld
c:\windows\System32\Desktop_.ini
c:\windows\system32\mfc45.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-05 do 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Nataziel\AppData\Local\temp
2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Public\AppData\Local\temp
2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Default\AppData\Local\temp
2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\windows\LastGood
2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\windows\Options
2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\program files\Atheros
2009-08-05 21:06 . 2007-07-30 21:13 743424 -c--a-w- c:\windows\system32\drivers\athr.sys
2009-08-05 21:06 . 2007-07-30 21:13 743424 -c--a-w- c:\windows\system32\athr.sys
2009-08-05 21:06 . 2007-05-16 09:29 24576 -c--a-w- c:\windows\system32\PressCancel.exe
2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\programdata\Atheros
2009-08-05 20:56 . 2009-08-05 20:56 -------- dc----w- c:\program files\Broadcom
2009-08-05 17:51 . 2009-08-05 17:51 -------- dc----w- c:\program files\Trend Micro
2009-08-05 17:45 . 2009-08-05 17:45 -------- dcsh--w- C:%APPDATA%
2009-08-04 23:44 . 2009-08-04 23:44 -------- dc----w- c:\program files\AxBx
2009-08-04 23:42 . 2009-08-04 23:42 -------- dc----w- c:\program files\InCode Solutions
2009-08-04 21:34 . 2009-08-04 21:34 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Malwarebytes
2009-08-04 20:30 . 2009-08-03 12:36 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:30 . 2009-08-04 21:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:30 . 2009-08-04 20:30 -------- dc----w- c:\programdata\Malwarebytes
2009-08-04 20:30 . 2009-08-03 12:36 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 16:30 . 2009-08-04 16:30 -------- dcsh--w- c:\windows\system32%APPDATA%
2009-08-04 15:59 . 2009-08-05 21:00 -------- dc-h--w- c:\users\Nataziel\AppData\Roaming\drivers
2009-08-04 14:49 . 2009-08-04 15:00 -------- dc----w- c:\users\Nataziel\SZKOŁA TYMKA
2009-08-03 18:17 . 2009-08-03 18:17 -------- dc----w- c:\users\Nataziel\AppData\Local\Mozilla
2009-08-03 17:43 . 2009-08-03 17:43 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-02 22:37 . 2009-08-02 22:37 -------- dc----w- c:\users\Nataziel\AppData\Local\Scansoft
2009-08-02 18:33 . 2009-08-02 18:33 -------- dc----w- c:\programdata\InstallShield
2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\users\Nataziel\AppData\Roaming\ScanSoft
2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\programdata\ScanSoft
2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\program files\Common Files\ScanSoft Shared
2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\program files\ScanSoft
2009-08-02 18:28 . 2009-08-02 18:28 -------- dc-h--w- c:\programdata\CanonBJ
2009-08-02 18:27 . 2009-08-02 18:27 -------- dc-h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-08-02 18:27 . 2006-12-25 20:00 198656 -c--a-w- c:\windows\system32\CNMLM8R.DLL
2009-08-02 18:27 . 2006-06-29 05:29 106496 -c--a-w- c:\windows\system32\cnco140.dll
2009-08-02 18:27 . 2006-11-10 02:00 1314816 -c--a-w- c:\windows\system32\CNCC140.DLL
2009-08-02 18:27 . 2006-11-10 01:59 57344 -c--a-w- c:\windows\system32\CNCI140.DLL
2009-08-02 18:27 . 2006-05-26 01:54 135168 -c--a-w- c:\windows\system32\CNCL140.DLL
2009-08-02 18:26 . 2009-08-02 18:26 -------- dc-h--w- c:\program files\CanonBJ
2009-07-29 19:16 . 2009-07-29 19:16 -------- dc----w- c:\program files\Alcohol Soft
2009-07-24 17:54 . 2009-07-31 22:29 -------- dc----w- c:\program files\Microsoft Silverlight
2009-07-24 17:30 . 2009-07-24 17:31 -------- dc----w- c:\windows\system32\ca-ES
2009-07-24 17:30 . 2009-07-24 17:31 -------- dc----w- c:\windows\system32\eu-ES
2009-07-24 17:30 . 2009-07-24 17:30 -------- dc----w- c:\windows\system32\vi-VN
2009-07-24 15:00 . 2009-07-24 15:00 -------- dc----w- c:\windows\system32\EventProviders
2009-07-24 14:54 . 2009-04-11 06:28 2012160 -c--a-w- c:\windows\system32\milcore.dll
2009-07-24 14:53 . 2009-04-11 06:28 60416 -c--a-w- c:\windows\system32\msscntrs.dll
2009-07-24 14:52 . 2009-04-11 06:28 83456 -c--a-w- c:\windows\system32\wlgpclnt.dll
2009-07-24 14:51 . 2009-04-11 06:28 83968 -c--a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-24 14:51 . 2009-04-11 06:28 744448 -c--a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-24 14:51 . 2009-04-11 06:28 30208 -c--a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-24 14:51 . 2009-04-11 06:28 265728 -c--a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-24 14:51 . 2009-04-11 06:28 189440 -c--a-w- c:\windows\system32\wbem\mofd.dll
2009-07-24 14:51 . 2009-04-11 06:28 614912 -c--a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-24 14:51 . 2009-04-11 06:28 265728 -c--a-w- c:\windows\system32\wbem\esscli.dll
2009-07-24 14:51 . 2009-04-11 06:28 705536 -c--a-w- c:\windows\system32\SmiEngine.dll
2009-07-24 14:51 . 2009-04-11 06:28 218624 -c--a-w- c:\windows\system32\wdscore.dll
2009-07-24 14:51 . 2009-04-11 06:27 130560 -c--a-w- c:\windows\system32\PkgMgr.exe
2009-07-24 14:50 . 2009-04-11 06:28 247808 -c--a-w- c:\windows\system32\drvstore.dll
2009-07-15 13:58 . 2009-06-15 14:53 156672 -c--a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:58 . 2009-06-15 12:42 289792 -c--a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:58 . 2009-06-15 14:52 72704 -c--a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:58 . 2009-06-15 14:52 23552 -c--a-w- c:\windows\system32\lpk.dll
2009-07-15 13:58 . 2009-04-11 06:28 34304 -c--a-w- c:\windows\system32\atmlib.dll
2009-07-15 13:58 . 2009-06-15 14:51 10240 -c--a-w- c:\windows\system32\dciman32.dll
2009-07-12 22:31 . 2009-07-12 22:31 3156992 -csh--w- c:\users\Nataziel\DocumentsIhB5Hx_save2pc.exe
2009-07-12 21:21 . 2008-12-04 19:46 180224 -c--a-w- c:\windows\system32\xvidvfw.dll
2009-07-12 21:21 . 2008-12-04 19:42 815104 -c--a-w- c:\windows\system32\xvidcore.dll
2009-07-12 21:21 . 2009-07-12 21:21 -------- dc----w- c:\program files\Xvid
2009-07-12 21:21 . 2009-07-12 21:21 -------- dc----w- c:\program files\FDRLab
2009-07-12 11:06 . 2009-07-25 13:54 -------- dc----w- c:\users\Nataziel\Jarosławiec
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 21:06 . 2008-02-26 03:05 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-05 18:38 . 2008-08-19 12:53 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2009-08-04 16:13 . 2008-08-05 19:31 -------- dc----w- c:\programdata\eMule
2009-08-04 16:13 . 2008-08-05 19:08 -------- dc----w- c:\program files\eMule
2009-08-03 17:42 . 2008-08-06 20:41 -------- dc----w- c:\program files\Java
2009-08-02 18:39 . 2008-09-22 15:13 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Canon
2009-08-02 18:34 . 2009-08-02 18:34 -------- dc----w- c:\programdata\CanonIJPLM
2009-08-02 18:34 . 2008-09-18 21:30 -------- dc----w- c:\program files\Canon
2009-08-02 18:32 . 2008-02-26 03:04 -------- dc----r- c:\program files\Common Files\InstallShield
2009-08-02 01:03 . 2008-12-06 10:11 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Nowe Gadu-Gadu
2009-08-02 01:02 . 2008-12-06 10:10 -------- dc----w- c:\program files\Nowe Gadu-Gadu
2009-07-29 19:29 . 2008-08-06 20:40 -------- dc----w- c:\program files\CCleaner
2009-07-27 16:44 . 2008-12-21 17:35 721904 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 17:53 . 2009-06-17 15:10 -------- dc----w- c:\program files\Microsoft
2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Calendar
2009-07-24 17:31 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Sidebar
2009-07-24 17:31 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Photo Gallery
2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Defender
2009-07-24 17:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-24 16:26 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-21 21:52 . 2009-07-29 11:56 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:56 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:56 71680 -c--a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:56 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-06-30 17:23 . 2008-08-06 23:34 -------- dc----w- c:\program files\Warcraft III
2009-06-26 15:13 . 2008-02-26 03:12 -------- dc----r- c:\program files\Common Files\Adobe
2009-06-23 11:00 . 2009-06-23 10:59 -------- dc----w- c:\program files\MWSnap
2009-06-20 17:49 . 2008-08-06 02:40 113728 -c--a-w- c:\users\Nataziel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-19 13:09 . 2008-02-26 03:16 -------- dc----w- c:\program files\Microsoft Works
2009-06-17 15:11 . 2009-06-17 15:10 -------- dc----w- c:\program files\Windows Live
2009-06-17 15:10 . 2009-06-17 15:10 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-06-17 14:29 . 2009-06-17 14:29 -------- dc----w- c:\program files\Common Files\Windows Live
2009-06-12 19:33 . 2009-06-12 19:33 10134 -c--a-r- c:\users\Nataziel\AppData\Roaming\Microsoft\Installer{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-12 19:33 . 2009-06-12 19:33 -------- dc----w- c:\program files\Microsoft WSE
2009-06-12 18:44 . 2009-06-12 18:44 -------- dc----w- c:\programdata\WindowsSearch
2009-06-07 12:51 . 2009-06-06 19:25 31273 -c--a-w- c:\windows\DIIUnin.dat
2009-06-06 21:35 . 2009-06-06 18:11 21840 -c--atw- c:\windows\system32\SIntfNT.dll
2009-06-06 21:35 . 2009-06-06 18:11 17212 -c--atw- c:\windows\system32\SIntf32.dll
2009-06-06 21:35 . 2009-06-06 18:11 12067 -c--atw- c:\windows\system32\SIntf16.dll
2009-06-06 19:25 . 2009-06-06 19:25 2829 -c--a-w- c:\windows\DIIUnin.pif
2009-06-06 19:25 . 2009-06-06 19:25 106496 -c--a-w- c:\windows\DIIUnin.exe
2009-06-06 18:25 . 2009-06-06 18:25 249856 -c----w- c:\windows\Setup1.exe
2009-06-06 18:25 . 2009-06-06 18:25 73216 -c--a-w- c:\windows\ST6UNST.EXE
2009-05-26 19:48 . 2009-05-26 19:48 98304 -c--a-w- c:\windows\system32\CmdLineExt.dll
2009-05-26 19:48 . 2009-05-26 19:48 135168 -c--a-w- c:\windows\system32\UAService7.exe
2009-05-14 16:55 . 2009-05-14 16:55 245408 -c--a-w- c:\windows\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2004-10-12 864256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a8,2e,42,8f,85,0c,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2318229528-4103387860-1758391184-1000]
"EnableNotificationsRef"=dword:00000006
[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9AFDBD26-FEBF-4B69-BFEF-05DE70F6D8C1}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{A7709C71-1867-4EBB-AD1B-B3EAE2E38DB0}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F66604A3-87BC-419A-8675-C37EBD3E43B9}c:\program files\opera\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{3688B2C5-9392-4D25-83BF-0A0D6257E9B0}c:\program files\opera\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A3E2C00F-ECD6-47CC-895F-DC0F080BA5FE}c:\program files\secondlife\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{244332E5-08D9-46DD-A6DE-60D035D0B1D3}c:\program files\secondlife\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{69222E38-FB05-463D-92CE-1D4D099429CF}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E61DACD5-E619-4FE6-BD32-95F8985BD657}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-08-06 12800]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-02-25 51200]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-02-26 180736]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S4 ioloFileInfoList;iolo FileInfoList Service; [x]
S4 ioloSystemService;iolo System Service; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{E2D416B9-91F7-4832-99E1-4122349BD421}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
HKU-Default-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- Skojarzenia plików -------
.
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 22:38
Windows 6.0.6002 Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-08-05 22:41
ComboFix-quarantined-files.txt 2009-08-05 21:41
ComboFix2.txt 2009-08-05 18:06
Przed: 8 186 429 440 bajtów wolnych
Po: 8 182 321 152 bajtów wolnych
257 --- E O F --- 2009-08-04 08:11