
magicuene

Users
  • Posts: 5
  • Joined

  • Last visit

Content posted by magicuene

  1. ========== REGISTRY ==========
     Registry key HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\opencandy.com/OpenCandyIgnite\ deleted successfully.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
     ========== FILES ==========
     C:\Documents and Settings\Asia\Dane aplikacji\OpenCandy\OpenCandy_0DF75BB398A3453F8355ACA7AFFF3A52 folder moved successfully.
     C:\Documents and Settings\Asia\Dane aplikacji\OpenCandy folder moved successfully.
     OTL by OldTimer - Version 3.2.35.1 log created on 03092012_151555

     The keyboard and touchpad are working.
  2. I am pasting the results: AdwCleanerR1.txt OTL.Txt

     All processes killed
     ========== OTL ==========
     artourservice removed from NetSvcs value successfully!
     Service artourservice stopped successfully!
     Service artourservice deleted successfully!
     Error: No service named artourservice was found to stop!
     Service\Driver key artourservice not found.
     Error: No service named mbr was found to stop!
     Service\Driver key mbr not found.
     Service catchme stopped successfully!
     Service catchme deleted successfully!
     Error: No service named a8243oes was found to stop!
     Service\Driver key a8243oes not found.
     Error: No service named .tosrfcom was found to stop!
     Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.tosrfcom deleted successfully.
     Prefs.js: "Web Search..." removed from browser.search.defaultenginename
     Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
     Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
     C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
     ========== REGISTRY ==========
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 56504 bytes
     User: All Users
     User: Asia
     ->Temp folder emptied: 842627 bytes
     ->Temporary Internet Files folder emptied: 584155 bytes
     ->Java cache emptied: 19701774 bytes
     ->FireFox cache emptied: 132495193 bytes
     ->Google Chrome cache emptied: 18366904 bytes
     ->Flash cache emptied: 71701 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 56504 bytes
     User: LocalService
     ->Temp folder emptied: 65716 bytes
     ->Temporary Internet Files folder emptied: 89311 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2352022 bytes
     %systemroot%\System32 .tmp files removed: 2596 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 167,00 mb
     OTL by OldTimer - Version 3.2.35.1 log created on 03092012_144032
     Files\Folders moved on Reboot...
     File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
     Registry entries deleted on Reboot...
  3. I did everything in order. Network access is back, but the keyboard and touchpad still do not work. I am pasting the logs and ask for further help. FSS.txt log combofix.txt OTL.Txt

     GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit quick scan 2012-03-09 13:58:18
     Windows 5.1.2600 Dodatek Service Pack 3
     Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 TOSHIBA_MK3263GSX rev.FG020A
     Running: bwe0hr78.exe; Driver: C:\DOCUME~1\Asia\USTAWI~1\Temp\uxtdqpod.sys

     ---- System - GMER 1.0.15 ----
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xACCAFB9C]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xACCAF9C0]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xACCAFAFA]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

     ---- Devices - GMER 1.0.15 ----
     Device \Driver\atapi \Device\Ide\IdePort0 [b9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort1 [b9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdePort2 [b9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 [b9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
     Device \Driver\a8243oes \Device\Scsi\a8243oes1 8A118430
     Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
     Device \FileSystem\Ntfs \Ntfs 8A5111E8
     AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
     Device \FileSystem\Fastfat \Fat 889521E8
     AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
     AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
     AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

     ---- EOF - GMER 1.0.15 ----
  4. Hello, please check the logs and let me know what to do next with this. I have a problem with the Sirefef trojan; nothing can remove it. The internet, keyboard and touchpad do not work. Please note that I am a complete novice in these matters, so please write in "plain" language. AntiZeroAccess_Log.txt Extras.Txt OTL.Txt FSS.txt