Malicious virus on Vista

I have an ACER Aspire laptop. The original Windows Vista Home Basic system was installed at purchase, and I don't have a disc for it. After a Trojan horse attack, a Windows Explorer error occurs when I try to open Control Panel. It is impossible to restore wireless internet, and I can't start Avast antivirus or Spy-bot.

The virus has already been removed; I used various scanners after removing the Trojan, but the problems remained. According to the scanners, the computer is clean at the moment.

Unfortunately, I have neither a backup disc nor a Windows disc.

Is a Windows reinstall necessary, or can this problem be solved somehow?

Please help. Regards

P.S. I have just scanned once more and these viruses were found after all:

Worm.Bagle

Trojan.Agent

Rootkit.Beagle

Rootkit.Beagle.KillAV

Help :(

I have already looked for help here:

http://www.vistaforum.pl/read.php?4,6299

and I tried everything they advised, but still with no effect. I have already removed Spy-bot and avast, but the internet still doesn't connect…

I am posting the ComboFix log:

ComboFix 09-08-04.03 - Nataziel 2009-08-05 22:09.2.1 - NTFSx86

Microsoft® Windows Vista Home Basic 6.0.6002.2.1250.48.1045.18.1013.214 [GMT 1:00]

Uruchomiony z: G:\myry.com

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\desktop.ini

c:\users\Nataziel\AppData\Roaming\drivers\downld

c:\windows\System32\Desktop_.ini

c:\windows\system32\mfc45.dll

c:\windows\system32\tmp.reg

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-05 do 2009-08-05 )))))))))))))))))))))))))))))))

.

2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Nataziel\AppData\Local\temp

2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Public\AppData\Local\temp

2009-08-05 21:38 . 2009-08-05 21:38 -------- dc----w- c:\users\Default\AppData\Local\temp

2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\windows\LastGood

2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\windows\Options

2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\program files\Atheros

2009-08-05 21:06 . 2007-07-30 21:13 743424 -c–a-w- c:\windows\system32\drivers\athr.sys

2009-08-05 21:06 . 2007-07-30 21:13 743424 -c–a-w- c:\windows\system32\athr.sys

2009-08-05 21:06 . 2007-05-16 09:29 24576 -c–a-w- c:\windows\system32\PressCancel.exe

2009-08-05 21:06 . 2009-08-05 21:06 -------- dc----w- c:\programdata\Atheros

2009-08-05 20:56 . 2009-08-05 20:56 -------- dc----w- c:\program files\Broadcom

2009-08-05 17:51 . 2009-08-05 17:51 -------- dc----w- c:\program files\Trend Micro

2009-08-05 17:45 . 2009-08-05 17:45 -------- dcsh–w- C:%APPDATA%

2009-08-04 23:44 . 2009-08-04 23:44 -------- dc----w- c:\program files\AxBx

2009-08-04 23:42 . 2009-08-04 23:42 -------- dc----w- c:\program files\InCode Solutions

2009-08-04 21:34 . 2009-08-04 21:34 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Malwarebytes

2009-08-04 20:30 . 2009-08-03 12:36 38160 -c–a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-04 20:30 . 2009-08-04 21:33 -------- dc----w- c:\program files\Malwarebytes’ Anti-Malware

2009-08-04 20:30 . 2009-08-04 20:30 -------- dc----w- c:\programdata\Malwarebytes

2009-08-04 20:30 . 2009-08-03 12:36 19096 -c–a-w- c:\windows\system32\drivers\mbam.sys

2009-08-04 16:30 . 2009-08-04 16:30 -------- dcsh–w- c:\windows\system32%APPDATA%

2009-08-04 15:59 . 2009-08-05 21:00 -------- dc-h–w- c:\users\Nataziel\AppData\Roaming\drivers

2009-08-04 14:49 . 2009-08-04 15:00 -------- dc----w- c:\users\Nataziel\SZKOŁA TYMKA

2009-08-03 18:17 . 2009-08-03 18:17 -------- dc----w- c:\users\Nataziel\AppData\Local\Mozilla

2009-08-03 17:43 . 2009-08-03 17:43 410984 -c–a-w- c:\windows\system32\deploytk.dll

2009-08-02 22:37 . 2009-08-02 22:37 -------- dc----w- c:\users\Nataziel\AppData\Local\Scansoft

2009-08-02 18:33 . 2009-08-02 18:33 -------- dc----w- c:\programdata\InstallShield

2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\users\Nataziel\AppData\Roaming\ScanSoft

2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\programdata\ScanSoft

2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\program files\Common Files\ScanSoft Shared

2009-08-02 18:32 . 2009-08-02 18:32 -------- dc----w- c:\program files\ScanSoft

2009-08-02 18:28 . 2009-08-02 18:28 -------- dc-h–w- c:\programdata\CanonBJ

2009-08-02 18:27 . 2009-08-02 18:27 -------- dc-h–w- c:\windows\system32\CanonIJ Uninstaller Information

2009-08-02 18:27 . 2006-12-25 20:00 198656 -c–a-w- c:\windows\system32\CNMLM8R.DLL

2009-08-02 18:27 . 2006-06-29 05:29 106496 -c–a-w- c:\windows\system32\cnco140.dll

2009-08-02 18:27 . 2006-11-10 02:00 1314816 -c–a-w- c:\windows\system32\CNCC140.DLL

2009-08-02 18:27 . 2006-11-10 01:59 57344 -c–a-w- c:\windows\system32\CNCI140.DLL

2009-08-02 18:27 . 2006-05-26 01:54 135168 -c–a-w- c:\windows\system32\CNCL140.DLL

2009-08-02 18:26 . 2009-08-02 18:26 -------- dc-h–w- c:\program files\CanonBJ

2009-07-29 19:16 . 2009-07-29 19:16 -------- dc----w- c:\program files\Alcohol Soft

2009-07-24 17:54 . 2009-07-31 22:29 -------- dc----w- c:\program files\Microsoft Silverlight

2009-07-24 17:30 . 2009-07-24 17:31 -------- dc----w- c:\windows\system32\ca-ES

2009-07-24 17:30 . 2009-07-24 17:31 -------- dc----w- c:\windows\system32\eu-ES

2009-07-24 17:30 . 2009-07-24 17:30 -------- dc----w- c:\windows\system32\vi-VN

2009-07-24 15:00 . 2009-07-24 15:00 -------- dc----w- c:\windows\system32\EventProviders

2009-07-24 14:54 . 2009-04-11 06:28 2012160 -c–a-w- c:\windows\system32\milcore.dll

2009-07-24 14:53 . 2009-04-11 06:28 60416 -c–a-w- c:\windows\system32\msscntrs.dll

2009-07-24 14:52 . 2009-04-11 06:28 83456 -c–a-w- c:\windows\system32\wlgpclnt.dll

2009-07-24 14:51 . 2009-04-11 06:28 83968 -c–a-w- c:\windows\system32\wbem\wmiutils.dll

2009-07-24 14:51 . 2009-04-11 06:28 744448 -c–a-w- c:\windows\system32\wbem\wbemcore.dll

2009-07-24 14:51 . 2009-04-11 06:28 30208 -c–a-w- c:\windows\system32\wbem\wbemprox.dll

2009-07-24 14:51 . 2009-04-11 06:28 265728 -c–a-w- c:\windows\system32\wbem\repdrvfs.dll

2009-07-24 14:51 . 2009-04-11 06:28 189440 -c–a-w- c:\windows\system32\wbem\mofd.dll

2009-07-24 14:51 . 2009-04-11 06:28 614912 -c–a-w- c:\windows\system32\wbem\fastprox.dll

2009-07-24 14:51 . 2009-04-11 06:28 265728 -c–a-w- c:\windows\system32\wbem\esscli.dll

2009-07-24 14:51 . 2009-04-11 06:28 705536 -c–a-w- c:\windows\system32\SmiEngine.dll

2009-07-24 14:51 . 2009-04-11 06:28 218624 -c–a-w- c:\windows\system32\wdscore.dll

2009-07-24 14:51 . 2009-04-11 06:27 130560 -c–a-w- c:\windows\system32\PkgMgr.exe

2009-07-24 14:50 . 2009-04-11 06:28 247808 -c–a-w- c:\windows\system32\drvstore.dll

2009-07-15 13:58 . 2009-06-15 14:53 156672 -c–a-w- c:\windows\system32\t2embed.dll

2009-07-15 13:58 . 2009-06-15 12:42 289792 -c–a-w- c:\windows\system32\atmfd.dll

2009-07-15 13:58 . 2009-06-15 14:52 72704 -c–a-w- c:\windows\system32\fontsub.dll

2009-07-15 13:58 . 2009-06-15 14:52 23552 -c–a-w- c:\windows\system32\lpk.dll

2009-07-15 13:58 . 2009-04-11 06:28 34304 -c–a-w- c:\windows\system32\atmlib.dll

2009-07-15 13:58 . 2009-06-15 14:51 10240 -c–a-w- c:\windows\system32\dciman32.dll

2009-07-12 22:31 . 2009-07-12 22:31 3156992 -csh–w- c:\users\Nataziel\DocumentsIhB5Hx_save2pc.exe

2009-07-12 21:21 . 2008-12-04 19:46 180224 -c–a-w- c:\windows\system32\xvidvfw.dll

2009-07-12 21:21 . 2008-12-04 19:42 815104 -c–a-w- c:\windows\system32\xvidcore.dll

2009-07-12 21:21 . 2009-07-12 21:21 -------- dc----w- c:\program files\Xvid

2009-07-12 21:21 . 2009-07-12 21:21 -------- dc----w- c:\program files\FDRLab

2009-07-12 11:06 . 2009-07-25 13:54 -------- dc----w- c:\users\Nataziel\Jarosławiec

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-05 21:06 . 2008-02-26 03:05 -------- dc-h–w- c:\program files\InstallShield Installation Information

2009-08-05 18:38 . 2008-08-19 12:53 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2009-08-04 16:13 . 2008-08-05 19:31 -------- dc----w- c:\programdata\eMule

2009-08-04 16:13 . 2008-08-05 19:08 -------- dc----w- c:\program files\eMule

2009-08-03 17:42 . 2008-08-06 20:41 -------- dc----w- c:\program files\Java

2009-08-02 18:39 . 2008-09-22 15:13 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Canon

2009-08-02 18:34 . 2009-08-02 18:34 -------- dc----w- c:\programdata\CanonIJPLM

2009-08-02 18:34 . 2008-09-18 21:30 -------- dc----w- c:\program files\Canon

2009-08-02 18:32 . 2008-02-26 03:04 -------- dc----r- c:\program files\Common Files\InstallShield

2009-08-02 01:03 . 2008-12-06 10:11 -------- dc----w- c:\users\Nataziel\AppData\Roaming\Nowe Gadu-Gadu

2009-08-02 01:02 . 2008-12-06 10:10 -------- dc----w- c:\program files\Nowe Gadu-Gadu

2009-07-29 19:29 . 2008-08-06 20:40 -------- dc----w- c:\program files\CCleaner

2009-07-27 16:44 . 2008-12-21 17:35 721904 -c–a-w- c:\windows\system32\drivers\sptd.sys

2009-07-24 17:53 . 2009-06-17 15:10 -------- dc----w- c:\program files\Microsoft

2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Calendar

2009-07-24 17:31 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail

2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Sidebar

2009-07-24 17:31 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Photo Gallery

2009-07-24 17:31 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Defender

2009-07-24 17:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-07-24 16:26 . 2006-11-02 12:35 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont

2009-07-21 21:52 . 2009-07-29 11:56 915456 -c–a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 11:56 109056 -c–a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 11:56 71680 -c–a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 11:56 133632 -c–a-w- c:\windows\system32\ieUnatt.exe

2009-06-30 17:23 . 2008-08-06 23:34 -------- dc----w- c:\program files\Warcraft III

2009-06-26 15:13 . 2008-02-26 03:12 -------- dc----r- c:\program files\Common Files\Adobe

2009-06-23 11:00 . 2009-06-23 10:59 -------- dc----w- c:\program files\MWSnap

2009-06-20 17:49 . 2008-08-06 02:40 113728 -c–a-w- c:\users\Nataziel\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-19 13:09 . 2008-02-26 03:16 -------- dc----w- c:\program files\Microsoft Works

2009-06-17 15:11 . 2009-06-17 15:10 -------- dc----w- c:\program files\Windows Live

2009-06-17 15:10 . 2009-06-17 15:10 -------- dc----w- c:\program files\Windows Live SkyDrive

2009-06-17 14:29 . 2009-06-17 14:29 -------- dc----w- c:\program files\Common Files\Windows Live

2009-06-12 19:33 . 2009-06-12 19:33 10134 -c–a-r- c:\users\Nataziel\AppData\Roaming\Microsoft\Installer{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-12 19:33 . 2009-06-12 19:33 -------- dc----w- c:\program files\Microsoft WSE

2009-06-12 18:44 . 2009-06-12 18:44 -------- dc----w- c:\programdata\WindowsSearch

2009-06-07 12:51 . 2009-06-06 19:25 31273 -c–a-w- c:\windows\DIIUnin.dat

2009-06-06 21:35 . 2009-06-06 18:11 21840 -c–atw- c:\windows\system32\SIntfNT.dll

2009-06-06 21:35 . 2009-06-06 18:11 17212 -c–atw- c:\windows\system32\SIntf32.dll

2009-06-06 21:35 . 2009-06-06 18:11 12067 -c–atw- c:\windows\system32\SIntf16.dll

2009-06-06 19:25 . 2009-06-06 19:25 2829 -c–a-w- c:\windows\DIIUnin.pif

2009-06-06 19:25 . 2009-06-06 19:25 106496 -c–a-w- c:\windows\DIIUnin.exe

2009-06-06 18:25 . 2009-06-06 18:25 249856 -c----w- c:\windows\Setup1.exe

2009-06-06 18:25 . 2009-06-06 18:25 73216 -c–a-w- c:\windows\ST6UNST.EXE

2009-05-26 19:48 . 2009-05-26 19:48 98304 -c–a-w- c:\windows\system32\CmdLineExt.dll

2009-05-26 19:48 . 2009-05-26 19:48 135168 -c–a-w- c:\windows\system32\UAService7.exe

2009-05-14 16:55 . 2009-05-14 16:55 245408 -c–a-w- c:\windows\system32\unicows.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“AlcoholAutomount”=“c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe” [2004-10-12 864256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2008-02-11 141848]

“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-02-11 166424]

“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-02-11 133656]

“SSBkgdUpdate”=“c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 210472]

“OpwareSE4”=“c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe” [2007-02-04 79400]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableLUA”= 0 (0x0)

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“UpdatesDisableNotify”=“0x00000000”

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“VistaSp2”=hex(b):a8,2e,42,8f,85,0c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2318229528-4103387860-1758391184-1000]

“EnableNotificationsRef”=dword:00000006

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“TCP Query User{9AFDBD26-FEBF-4B69-BFEF-05DE70F6D8C1}c:\program files\emule\emule.exe”= UDP:c:\program files\emule\emule.exe:eMule

“UDP Query User{A7709C71-1867-4EBB-AD1B-B3EAE2E38DB0}c:\program files\emule\emule.exe”= TCP:c:\program files\emule\emule.exe:eMule

“TCP Query User{F66604A3-87BC-419A-8675-C37EBD3E43B9}c:\program files\opera\opera.exe”= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

“UDP Query User{3688B2C5-9392-4D25-83BF-0A0D6257E9B0}c:\program files\opera\opera.exe”= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

“TCP Query User{A3E2C00F-ECD6-47CC-895F-DC0F080BA5FE}c:\program files\secondlife\slvoice.exe”= UDP:c:\program files\secondlife\slvoice.exe:SLVoice

“UDP Query User{244332E5-08D9-46DD-A6DE-60D035D0B1D3}c:\program files\secondlife\slvoice.exe”= TCP:c:\program files\secondlife\slvoice.exe:SLVoice

“TCP Query User{69222E38-FB05-463D-92CE-1D4D099429CF}c:\program files\emule\emule.exe”= UDP:c:\program files\emule\emule.exe:eMule

“UDP Query User{E61DACD5-E619-4FE6-BD32-95F8985BD657}c:\program files\emule\emule.exe”= TCP:c:\program files\emule\emule.exe:eMule

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

“EnableFirewall”= 0 (0x0)

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-08-06 12800]

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-02-25 51200]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-02-26 180736]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]

S4 ioloFileInfoList;iolo FileInfoList Service; [x]

S4 ioloSystemService;iolo System Service; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

“c:\windows\System32\rundll32.exe” “c:\windows\System32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP

.

Zawartość folderu ‘Zaplanowane zadania’

2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{E2D416B9-91F7-4832-99E1-4122349BD421}.job

  • c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

.

        • USUNIĘTO PUSTE WPISY - - - -

HKU-Default-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

------- Skan uzupełniający -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

------- Skojarzenia plików -------

.

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-05 22:38

Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

“MSCurrentCountry”=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

.

Czas ukończenia: 2009-08-05 22:41

ComboFix-quarantined-files.txt 2009-08-05 21:41

ComboFix2.txt 2009-08-05 18:06

Przed: 8 186 429 440 bajtów wolnych

Po: 8 182 321 152 bajtów wolnych

257 — E O F — 2009-08-04 08:11

Paste logs on wklej.org or wklej.to, and put the link in your post!!

The log looks clean.

Download and run OTC.

(On Windows Vista, run the program from the menu with Run as Administrator…)

If you use System Restore, turn it off and on again on all drives. Vista instructions.

Clean the registry and disk with CCleaner.

Remove unneeded items from autostart.

Run a full scan with DR WEB CureIt.

If there are viruses, show the report.