The "My Documents" folder opens at startup

Hello,

The problem is that when I start the system, only one “My Documents” folder pops up now; earlier there were two. I more or less got the computer back on its feet, because avast detected 10 trojans and for a while it detected a new trojan after every restart. At the moment it no longer detects viruses, but My Documents still keeps opening and it is as if something were slowing the computer down. ComboFix starts, but after a few minutes the computer freezes for good (restart only with the button) and after about 10 minutes the disk stops working. I'm posting the OTL log.

OTL logfile created on: 2012-02-23 21:53:04 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\userek\Downloads

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,21% Memory free

4,00 Gb Paging File | 3,07 Gb Available in Paging File | 76,81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148,95 Gb Total Space | 114,14 Gb Free Space | 76,63% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 460,07 Gb Free Space | 49,39% Space Free | Partition Type: NTFS


Computer Name: USEREK-KOMPUTER | User Name: userek | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2012-02-23 17:14:46 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\userek\Downloads\OTL.exe

PRC - [2012-02-20 12:12:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-02-07 13:18:28 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2012-02-07 13:18:27 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\userek\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

PRC - [2011-11-28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011-11-03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011-05-21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2011-05-21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe



========== Modules (No Company Name) ==========


MOD - [2012-02-20 12:12:09 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll



========== Win32 Services (SafeList) ==========


SRV - File not found [On_Demand | Stopped] -- -- (EWSASERV)

SRV - [2012-02-07 13:18:28 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011-11-14 03:00:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011-11-03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011-06-26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)

SRV - [2011-05-21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010-06-25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)



========== Driver Services (SafeList) ==========


DRV - [2011-11-28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011-11-28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011-11-28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011-11-28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011-11-14 18:20:27 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011-11-04 13:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)

DRV - [2011-11-04 13:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)

DRV - [2011-11-04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2011-11-04 13:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)

DRV - [2011-05-21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010-11-20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010-06-25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2010-02-23 11:39:48 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)

DRV - [2010-01-07 03:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)

DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009-05-04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV - [2009-04-03 06:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)

DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109130&babsrc=HP_ss&mntrId=86f595e200000000000000e04c81b22f

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://allegro.pl"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=86f595e200000000000000e04c81b22f&q="

FF - prefs.js..network.proxy.type: 0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\userek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\userek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-22 19:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-20 12:12:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


[2011-11-14 22:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userek\AppData\Roaming\mozilla\Extensions

[2012-02-08 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userek\AppData\Roaming\mozilla\Firefox\Profiles\qzvuizcw.default\extensions

[2011-11-14 22:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-02-20 12:12:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012-02-14 23:31:23 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-02-08 15:15:33 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012-02-14 23:31:23 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-02-14 23:31:23 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-02-14 23:31:23 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-02-14 23:31:23 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-02-14 23:31:23 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


========== Chrome ==========


CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=86f595e200000000000000e04c81b22f

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\userek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\userek\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\userek\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\userek\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Users\userek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\userek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\


O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23530B4C-2500-4E97-AEDC-B33AAD55930D}: DhcpNameServer = 194.204.152.34 194.204.159.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2654F9C4-605C-420C-AF3F-848B449A1270}: DhcpNameServer = 194.204.152.34 194.204.159.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2012-02-23 21:28:24 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012-02-23 18:46:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012-02-23 18:46:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012-02-23 18:46:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012-02-23 18:42:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012-02-23 18:42:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-02-15 23:35:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012-02-15 23:35:34 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012-02-15 23:35:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012-02-15 23:35:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012-02-15 23:35:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012-02-15 23:35:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012-02-15 18:48:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2012-02-15 18:47:52 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012-02-10 08:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2012-02-10 08:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2012-02-08 19:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1

[2012-02-08 19:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.1

[2012-02-08 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2012-02-08 15:15:30 | 000,000,000 | ---D | C] -- C:\Users\userek\AppData\Local\Babylon

[2012-02-08 15:15:29 | 000,000,000 | ---D | C] -- C:\Users\userek\AppData\Roaming\Babylon

[2012-02-08 15:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012-02-08 15:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles

[2012-01-28 16:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter

[2012-01-28 16:18:03 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx

[2012-01-28 16:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video Converter

[2012-01-27 23:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleDivX


========== Files - Modified Within 30 Days ==========


[2012-02-23 21:50:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-02-23 21:50:29 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys

[2012-02-23 21:39:00 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-02-23 21:39:00 | 000,010,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-02-23 21:23:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152198824-3834894238-1515904948-1000UA.job

[2012-02-23 21:12:54 | 000,701,022 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2012-02-23 21:12:54 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-02-23 21:12:54 | 000,136,040 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2012-02-23 21:12:54 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-02-23 21:09:34 | 000,000,348 | ---- | M] () -- C:\Users\userek\Desktop\fix.reg

[2012-02-23 16:09:18 | 000,024,557 | ---- | M] () -- C:\Users\userek\Desktop\bookmarks-2012-02-23.json

[2012-02-23 16:09:08 | 000,038,477 | ---- | M] () -- C:\Users\userek\Desktop\bookmarks.html

[2012-02-23 13:23:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152198824-3834894238-1515904948-1000Core.job

[2012-02-22 13:42:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012-02-17 20:57:48 | 324,571,136 | ---- | M] () -- C:\Users\userek\Desktop\Microsoft Office InfoPath 2010 X64 64bit.iso

[2012-02-16 08:54:55 | 000,414,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012-02-13 15:08:29 | 001,527,719 | ---- | M] () -- C:\Users\userek\Documents\DSC06616.JPG

[2012-02-13 15:07:51 | 001,298,220 | ---- | M] () -- C:\Users\userek\Documents\DSC06622.JPG

[2012-02-08 19:44:02 | 000,001,047 | ---- | M] () -- C:\Users\userek\Desktop\Cheat Engine.lnk

[2012-01-29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2012-01-28 16:18:04 | 000,000,951 | ---- | M] () -- C:\Users\userek\Desktop\Total Video Converter.lnk

[2012-01-27 23:57:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini


========== Files Created - No Company Name ==========


[2012-02-23 21:13:38 | 000,038,477 | ---- | C] () -- C:\Users\userek\Desktop\bookmarks.html

[2012-02-23 21:13:38 | 000,024,557 | ---- | C] () -- C:\Users\userek\Desktop\bookmarks-2012-02-23.json

[2012-02-23 21:09:34 | 000,000,348 | ---- | C] () -- C:\Users\userek\Desktop\fix.reg

[2012-02-23 18:46:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012-02-23 18:46:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012-02-23 18:46:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012-02-23 18:46:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012-02-23 18:46:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012-02-17 21:09:46 | 324,571,136 | ---- | C] () -- C:\Users\userek\Desktop\Microsoft Office InfoPath 2010 X64 64bit.iso

[2012-02-13 15:07:52 | 001,527,719 | ---- | C] () -- C:\Users\userek\Documents\DSC06616.JPG

[2012-02-13 15:07:16 | 001,298,220 | ---- | C] () -- C:\Users\userek\Documents\DSC06622.JPG

[2012-02-08 19:44:02 | 000,001,047 | ---- | C] () -- C:\Users\userek\Desktop\Cheat Engine.lnk

[2012-01-28 16:18:04 | 000,000,951 | ---- | C] () -- C:\Users\userek\Desktop\Total Video Converter.lnk

[2011-12-03 16:43:33 | 000,007,648 | ---- | C] () -- C:\Users\userek\AppData\Local\resmon.resmoncfg

[2011-11-29 13:12:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011-11-14 21:21:13 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011-11-14 21:19:21 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011-11-14 20:55:42 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010-06-25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll


< End of report >

Scan with Malwarebytes Anti-Malware

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Before scanning, perform a MANUAL UPDATE OF THE VIRUS SIGNATURE DATABASE

Show new OTL logs (Extras too)

Post the logs on wklej.org

They are hard to read when pasted into the post.

Malwarebytes Anti-Malware detected something on my machine:

http://wklej.org/id/695067/

OTL log:

http://wklej.org/id/695080/

OTL extras:

http://wklej.org/id/695081/

Uninstall Babylon toolbar on IE. Run OTL and paste into the box (Custom scan options/Script):

Click Run script. In OTL, use the Cleanup option. Install updates for the programs that http://screen317.spywareinfoforum.org/SecurityCheck.exe reports as out of date.

I did everything that was written. The computer is no longer sluggish, but the problem of the folder popping up at startup has not gone away. After I pasted that script into OTL, a Notepad window popped up when it was all done, and SecurityCheck also showed a Notepad window like this.

From OTL:

http://wklej.org/id/695170/

From SecurityCheck:

http://wklej.org/id/695166/

Paste into the Custom scan options / Script box in OTL:

Click Run script. Agree to the computer restart. Post the removal log on the forum. After the restart, check whether the window still opens.

Update Java and Adobe Reader. Avast 7 is now available.

Thanks a lot, everything runs smoothly now, no window pops up, and the computer now works better than before all these problems :)

Applause for you =D>

And the OTL log after the restart, as you wrote:

http://wklej.org/id/695317/