PC zacina - wirusy

[//Sledz 0]

Witam, tak jak w temacie:

komputer był zawirusowany, AVG wywalił ich sporo, jednak jeszcze nie wszystkie. Zrobiłem skana Combofixem, oto log:

 

ComboFix 14-07-25.01 - Agnieszka 2014-07-28  21:37:37.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.3072.2004 [GMT 2:00]
Uruchomiony z: c:\users\Agnieszka\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0415.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-06-28 do 2014-07-28  )))))))))))))))))))))))))))))))
.
.
2014-07-28 19:43 . 2014-07-28 19:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-28 18:44 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FA43E6F-62C5-4AD9-9563-E80F03CBE3C7}\mpengine.dll
2014-07-28 13:21 . 2014-07-28 13:21	--------	d-----w-	c:\users\Agnieszka\AppData\Roaming\AVG2014
2014-07-28 13:21 . 2014-07-28 13:21	--------	d-----w-	c:\users\Agnieszka\AppData\Roaming\TuneUp Software
2014-07-28 13:16 . 2014-07-28 13:31	--------	d-----w-	c:\programdata\AVG2014
2014-07-28 13:16 . 2014-07-28 13:16	--------	d-----w-	C:\$AVG
2014-07-28 13:16 . 2014-07-28 13:16	--------	d-----w-	c:\program files (x86)\AVG
2014-07-28 13:11 . 2014-07-28 19:19	--------	d-----w-	c:\programdata\MFAData
2014-07-28 13:11 . 2014-07-28 13:42	--------	d-----w-	c:\users\Agnieszka\AppData\Local\Avg2014
2014-07-28 13:11 . 2014-07-28 13:11	--------	d--h--w-	c:\programdata\Common Files
2014-07-28 13:11 . 2014-07-28 13:11	--------	d-----w-	c:\users\Agnieszka\AppData\Local\MFAData
2014-07-28 12:41 . 2014-07-28 12:41	--------	d-----w-	c:\program files\CCleaner
2014-07-15 06:21 . 2014-06-03 10:02	1719296	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 06:21 . 2014-06-03 10:02	1380864	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2014-07-15 06:21 . 2014-06-03 10:02	1389568	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2014-07-15 06:21 . 2014-06-03 10:02	1354240	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 06:21 . 2014-06-03 09:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 08:23 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-14 08:23 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-14 08:23 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-23 20:09 . 2014-06-23 20:09	0	---ha-w-	c:\users\Agnieszka\AppData\Local\BITE493.tmp
2014-06-17 14:21 . 2014-06-17 14:21	235800	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07	328984	----a-w-	c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06	269080	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06	190744	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06	242968	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06	153368	----a-w-	c:\windows\system32\drivers\avgdiska.sys
2014-06-17 14:06 . 2014-06-17 14:06	123672	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 14:06 . 2014-06-17 14:06	31512	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2014-04-30 18:05 . 2013-05-31 18:46	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-30 18:05 . 2013-05-31 18:46	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-30 18:01 . 2014-04-30 18:00	17338544	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-07 19:05 . 2013-12-07 19:05	49940480	----a-w-	c:\program files (x86)\GUT7BD5.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 20:15	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-31 18:05]
.
2013-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2036653787-4118725653-171420358-1000Core.job
- c:\users\Agnieszka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-01 18:19]
.
2013-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2036653787-4118725653-171420358-1000UA.job
- c:\users\Agnieszka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-01 18:19]
.
2014-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 18:46]
.
2014-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 18:46]
.
.
--------- X64 Entries -----------
.
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=156
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\vs6b7564.default\
user_pref(extensions.autoDisableScopes,14);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Gimnazjum - Chemia Nowej Ery - c:\windows\IsUn0415.exe
AddRemove-Gimnazjum klasa 1 - Puls życia - c:\windows\IsUn0415.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-07-28  21:47:34
ComboFix-quarantined-files.txt  2014-07-28 19:47
.
Przed: 29 384 019 968 bajtów wolnych
Po: 29 240 160 256 bajtów wolnych
.
- - End Of File - - D1C545D26CA38ECAD3D71BB8C19966A3
32052574BF9F325AE309ABC7BFD04460

 

Proszę o pomoc.