W Custom Scans/Fixes wklej:
:Processes
killallprocesses
:OTL
MOD - [2010-08-18 13:01:30 | 000,084,992 | RHS- | M] () -- C:\Documents and Settings\Kisło\Ustawienia lokalne\Temp\dsoqq0.dll
O4 - HKCU..\Run: [dso32] C:\Documents and Settings\Kisło\Ustawienia lokalne\Temp\dsoqq.exe ()
O32 - AutoRun File - [2010-07-16 16:34:27 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [NTFS]
O32 - AutoRun File - [2010-07-16 16:34:27 | 000,000,061 | RHS- | M] () - D:\autorun.inf -- [NTFS]
O33 - MountPoints2\{64d1207e-dcf5-11de-9820-001e33071886}\Shell\AutoRun\command - "" = G:\i8gcgmg.exe -- File not found
O33 - MountPoints2\{64d1207e-dcf5-11de-9820-001e33071886}\Shell\open\Command - "" = G:\i8gcgmg.exe -- File not found
O33 - MountPoints2\{6a67fb4e-8f06-11de-9680-0016449e4f37}\Shell\AutoRun\command - "" = G:\qkm.exe -- File not found
O33 - MountPoints2\{6a67fb4e-8f06-11de-9680-0016449e4f37}\Shell\open\Command - "" = G:\qkm.exe -- File not found
O33 - MountPoints2\{8c64aaf1-f07d-11dd-937e-0016449e4f37}\Shell\AutoRun\command - "" = G:\09lf.exe -- File not found
O33 - MountPoints2\{8c64aaf1-f07d-11dd-937e-0016449e4f37}\Shell\open\Command - "" = G:\09lf.exe -- File not found
O33 - MountPoints2\{c27d65c2-d0ff-11dd-ba98-806d6172696f}\Shell\AutoRun\command - "" = C:\biriprg.exe -- [2010-07-15 17:59:59 | 000,117,760 | RHS- | M] ()
O33 - MountPoints2\{c27d65c2-d0ff-11dd-ba98-806d6172696f}\Shell\open\Command - "" = C:\biriprg.exe -- [2010-07-15 17:59:59 | 000,117,760 | RHS- | M] ()
O33 - MountPoints2\{c27d65c3-d0ff-11dd-ba98-806d6172696f}\Shell\AutoRun\command - "" = D:\biriprg.exe -- [2010-07-15 17:59:59 | 000,117,760 | RHS- | M] ()
O33 - MountPoints2\{c27d65c3-d0ff-11dd-ba98-806d6172696f}\Shell\open\Command - "" = D:\biriprg.exe -- [2010-07-15 17:59:59 | 000,117,760 | RHS- | M] ()
O33 - MountPoints2\{decd0885-4f87-11df-9a13-001e33071886}\Shell\Open(&0)\command - "" = H:\Recycled\ctfmon.exe -- File not found
MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe File not found
MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe File not found
[2010-06-22 17:36:30 | 000,117,248 | RHS- | M] () -- C:\09lf.exe
[2010-06-28 21:49:14 | 000,116,736 | RHS- | M] () -- C:\1j038ki.exe
[2010-06-13 18:24:22 | 000,116,224 | RHS- | M] () -- C:\2ul.exe
[2010-07-16 16:34:27 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010-07-15 17:59:59 | 000,117,760 | RHS- | M] () -- C:\biriprg.exe
[2010-06-24 20:02:17 | 000,117,248 | RHS- | M] () -- C:\eyruu.exe
[2010-07-05 17:55:08 | 000,117,248 | RHS- | M] () -- C:\g6jk.exe
[2010-07-11 18:51:15 | 000,116,224 | RHS- | M] () -- C:\ggb6w.exe
[2010-07-14 16:34:33 | 000,116,224 | RHS- | M] () -- C:\i8gcgmg.exe
[2010-06-30 21:45:21 | 000,117,248 | RHS- | M] () -- C:\mk28sp.exe
[2010-07-13 15:50:10 | 000,116,736 | RHS- | M] () -- C:\r3x0k.exe
[2010-07-01 18:52:55 | 000,116,224 | RHS- | M] () -- C:\rxf.exe
[2010-06-27 08:24:36 | 000,116,736 | RHS- | M] () -- C:\vi8f.exe
[2010-07-08 18:35:16 | 000,117,248 | RHS- | M] () -- C:\x3xh.exe
:Commands
[reboot]
Następnie naciśnij Runfix/Wykonaj skrypt.
Podaj log z usuwania i nowy log z OTL.
Dla dokładności przeskanuj system MalwareBytes. Z niego również podaj log.