Complicated virus

I had no protection on my computer. Today an automatic notification popped up saying I have some 28 viruses, including a trojan and something about a keylogger. It blocked me from opening various files, I can't install an antivirus, and sometimes I can't open the browser or the messenger.

I have no idea what to do… help!

Added 15.12.2011 (Thu) 21:33

it just reset my computer and a blue screen appeared!!!

no, the emotion is because I have important things on the computer and I don't want to lose them, and I don't have an external drive I could save them to… will you help?

Added 15.12.2011 (Thu) 21:43

it blocks everything, I downloaded the Kaspersky trial and nothing, it won't let me run it.

Nothing like showing off your stupidity.

@Topic

Post OTL logs and let someone on the forum check them.

install this and post a scan http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Let someone who knows security weigh in, because Combofix may be needed

how can I post it, and in this thread?

Added 15.12.2011 (Thu) 21:47

damn, I downloaded it, but the virus won't let me run it ;/

Added 15.12.2011 (Thu) 21:57

so I'm out of luck?

Added 15.12.2011 (Thu) 22:11

so a format is all that's left?

try programs like these: Hitman Pro, Dr.WEB CureIt!; if that doesn't work, scan with an online antivirus scanner or Kaspersky Rescue Disk

I think I have something like this: lsas blaster keylogger

Added 15.12.2011 (Thu) 22:18

except that I can't install anything, and Kaspersky's online program also requires installation

download Hitman Pro and Dr.WEB CureIt! and try to run them normally or in safe mode; if the online scanner sites don't work for you, too bad, and Kaspersky Rescue Disk is burned with Nero. Alternatively, have someone download and burn it for you

downloaded them and nothing, they won't install… I guess that's the end of my software…

Now for a silly idea, but (I'm writing this from the example of my own friends) almost everyone has an Ubuntu live CD (from the campaigns run by FWiOO).

If you have that disc, maybe it's worth trying ClamAV?

If this is the first infection of your computer since 2009, then congratulations; on the other hand, I wonder whether it's a lack of knowledge or something else? Regards.

Are you talking about Malwarebytes? And can you provide an OTL report? Instructions: otl-gmer-rsit-dss-inne-instrukcje-t370405.html. What error appears?

I can't even install that whole OTL. The virus prevents installing anything ;/.

Calm down, we'll try another way. Download Kaspersky TDSSKiller, instructions [http://www.fixitpc.pl/topic/8-dezynfekc … entry33542](http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page p 33542#entry33542). If the program detects something, choose Skip and present the report on the forum

no ***************. I can't even install that ;/, I don't know what virus this is, it blocks everything.

Probably the ZeroAccess rootkit. I'm just trying to confirm that. Try using Webroot AntiZeroAccess [http://www.fixitpc.pl/topic/8-dezynfekc … entry37213](http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page p 37213#entry37213). If it works, show the report on the forum. If not, please write and we'll try removal from outside

You can see the program starts only for a fraction of a second and is immediately closed. And in the bottom right corner there is constantly something like this: “Wrning: your computer is infecting”, “The file is infected”, “Detected spywere infection”, and so on all the time.

Download OTL again. Go into Windows safe mode and try to run the scan. Write whether it worked or whether there's still a problem. This is because I'm trying to identify the infection exactly.

well, finally something worked, here's the scan:

OTL logfile created on: 2011-12-18 13:51:59 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tomek\Documents

Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,37 Mb Total Physical Memory | 459,18 Mb Available Physical Memory | 44,87% Memory free

2,00 Gb Paging File | 1,47 Gb Available in Paging File | 73,40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29,29 Gb Total Space | 13,33 Gb Free Space | 45,51% Space Free | Partition Type: NTFS

Drive D: | 48,83 Gb Total Space | 43,61 Gb Free Space | 89,31% Space Free | Partition Type: NTFS

Drive E: | 70,92 Gb Total Space | 43,80 Gb Free Space | 61,76% Space Free | Partition Type: NTFS

Computer Name: TOMEK-KOMPUTER | User Name: Tomek | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-18 13:47:48 | 000,584,192 | ---- | M] (OldTimer Tools) – C:\Users\Tomek\Documents\OTL.exe

PRC - [2011-10-21 09:04:38 | 000,947,056 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe

PRC - [2011-02-26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe

PRC - [2002-04-11 03:19:36 | 000,077,824 | ---- | M] () – C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

========== Modules (No Company Name) ==========

MOD - [2010-09-22 20:12:20 | 000,016,832 | ---- | M] () – C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2002-04-11 03:19:42 | 000,024,576 | ---- | M] () – C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll

MOD - [2002-04-11 03:19:36 | 000,077,824 | ---- | M] () – C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

========== Win32 Services (SafeList) ==========

SRV - [2011-09-16 13:04:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)

SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] – C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe – (McComponentHostService)

SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\StorSvc.dll – (StorSvc)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011-09-01 10:22:55 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] – C:\Windows\System32\drivers\AFS.SYS – (AFS)

DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vmbus.sys – (vmbus)

DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\system32\DRIVERS\vmstorfl.sys – (storflt)

DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\storvsc.sys – (storvsc)

DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\winusb.sys – (WinUsb)

DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vms3cap.sys – (s3cap)

DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\VMBusHID.sys – (VMBusHID)

DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\nvm62x32.sys – (NVENETFD)

DRV - [2009-06-10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)

DRV - [2006-10-18 20:12:16 | 000,012,664 | R— | M] () [Kernel | System | Stopped] – C:\Windows\System32\drivers\AsIO.sys – (AsIO)

DRV - [2005-09-23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\MarvinBus.sys – (MarvinBus)

DRV - [2005-08-11 06:13:00 | 000,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] – C:\Windows\System32\drivers\cx88vid.sys – (CX23880)

DRV - [2004-08-13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\ASACPI.sys – (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss … 1d6021f17a

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-31 22:28:00 | 000,000,000 | —D | M]

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM…\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM…\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKCU…\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKCU…\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4 - HKLM…\Run: [EfficientStickyNotes] File not found

O4 - HKLM…\Run: [QuickTime Task] C:\Windows\System32\qttask.exe (Apple Computer, Inc.)

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)

O4 - HKLM…\Run: [smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)

O4 - HKLM…\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM…\Run: [uSBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)

O4 - HKLM…\Run: [zzzHPSETUP] F:\Setup.exe File not found

O4 - HKCU…\Run: [i&F Viewer toolbar] C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe (VicMan Software)

O4 - HKCU…\Run: [nD35000KmKjF35000] C:\ProgramData\nD35000KmKjF35000\nD35000KmKjF35000.exe ()

O4 - HKCU…\Run: [Windows Update] C:\ProgramData\vg9tzwt.exe (Tt64Anx8Y7)

O4 - Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk = C:\Program Files\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)

O4 - Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vg9tzwt.exe (Tt64Anx8Y7)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{2C4D755D-1E81-4F5E-81BF-9A2D194428BA}: DhcpNameServer = 62.179.1.62 62.179.1.63

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-18 13:47:48 | 000,584,192 | ---- | C] (OldTimer Tools) – C:\Users\Tomek\Documents\OTL.exe

[2011-12-15 21:10:50 | 002,322,184 | ---- | C] (ESET) – C:\Users\Tomek\Documents\esetsmartinstaller_plk.exe

[2011-12-15 18:26:33 | 000,000,000 | —D | C] – C:\ProgramData\nD35000KmKjF35000

[2011-12-14 20:33:14 | 000,000,000 | —D | C] – C:\Users\Tomek\Desktop\anglik

[2011-12-14 18:09:16 | 000,382,976 | -H-- | C] (Tt64Anx8Y7) – C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vg9tzwt.exe

[2011-12-14 18:08:06 | 000,382,976 | -H-- | C] (Tt64Anx8Y7) – C:\ProgramData\vg9tzwt.exe

[2011-11-27 16:11:40 | 000,000,000 | —D | C] – C:\Users\Tomek\AppData\Local\SecondLife

[2011-11-27 16:05:59 | 000,000,000 | —D | C] – C:\Users\Tomek\AppData\Roaming\SecondLife

========== Files - Modified Within 30 Days ==========

[2011-12-18 13:48:55 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat

[2011-12-18 13:48:50 | 804,806,656 | -HS- | M] () – C:\hiberfil.sys

[2011-12-18 13:47:48 | 000,584,192 | ---- | M] (OldTimer Tools) – C:\Users\Tomek\Documents\OTL.exe

[2011-12-18 11:45:29 | 000,014,256 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-12-18 11:45:29 | 000,014,256 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-12-16 15:16:58 | 000,687,590 | ---- | M] () – C:\Windows\System32\perfh015.dat

[2011-12-16 15:16:58 | 000,606,992 | ---- | M] () – C:\Windows\System32\perfh009.dat

[2011-12-16 15:16:58 | 000,131,176 | ---- | M] () – C:\Windows\System32\perfc015.dat

[2011-12-16 15:16:58 | 000,103,370 | ---- | M] () – C:\Windows\System32\perfc009.dat

[2011-12-15 21:28:07 | 000,598,016 | ---- | M] () – C:\Users\Tomek\Documents\MyStickyNotes.esn

[2011-12-15 21:10:51 | 002,322,184 | ---- | M] (ESET) – C:\Users\Tomek\Documents\esetsmartinstaller_plk.exe

[2011-12-15 21:08:05 | 058,527,744 | ---- | M] () – C:\Users\Tomek\Documents\ess_nt32_plk.msi

[2011-12-14 18:09:16 | 000,382,976 | -H-- | M] (Tt64Anx8Y7) – C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vg9tzwt.exe

[2011-12-14 18:08:03 | 000,382,976 | -H-- | M] (Tt64Anx8Y7) – C:\ProgramData\vg9tzwt.exe

========== Files Created - No Company Name ==========

[2011-12-15 21:06:20 | 058,527,744 | ---- | C] () – C:\Users\Tomek\Documents\ess_nt32_plk.msi

[2011-09-15 21:06:17 | 000,049,152 | ---- | C] () – C:\Windows\Domino.exe

[2011-09-15 13:38:17 | 000,000,310 | ---- | C] () – C:\Users\Tomek\AppData\Roaming\burnaware.ini

[2011-08-31 23:17:12 | 000,098,304 | ---- | C] () – C:\Windows\System32\redmonnt.dll

[2011-08-31 22:48:41 | 000,000,761 | ---- | C] () – C:\Windows\m3jp2k.ini

[2011-08-31 22:48:41 | 000,000,714 | ---- | C] () – C:\Windows\m3jpeg.ini

[2011-08-31 22:48:41 | 000,000,702 | ---- | C] () – C:\Windows\mmtvmj.ini

[2011-08-31 22:48:39 | 000,019,968 | ---- | C] () – C:\Windows\System32\cpuinf32.dll

[2011-08-31 22:48:38 | 000,152,064 | ---- | C] () – C:\Windows\System32\unrar.dll

[2011-08-31 22:48:36 | 000,761,856 | ---- | C] () – C:\Windows\System32\xvidcore.dll

[2011-08-31 18:25:38 | 000,024,576 | R— | C] () – C:\Windows\System32\AsIO.dll

[2011-08-31 18:25:38 | 000,012,664 | R— | C] () – C:\Windows\System32\drivers\AsIO.sys

[2011-08-31 18:25:36 | 000,012,096 | ---- | C] () – C:\Windows\System32\drivers\AsInsHelp64.sys

[2011-08-31 18:25:36 | 000,010,304 | ---- | C] () – C:\Windows\System32\drivers\AsInsHelp32.sys

[2009-07-14 09:07:57 | 000,687,590 | ---- | C] () – C:\Windows\System32\perfh015.dat

[2009-07-14 09:07:57 | 000,337,158 | ---- | C] () – C:\Windows\System32\perfi015.dat

[2009-07-14 09:07:57 | 000,131,176 | ---- | C] () – C:\Windows\System32\perfc015.dat

[2009-07-14 09:07:57 | 000,038,710 | ---- | C] () – C:\Windows\System32\perfd015.dat

[2009-07-14 05:57:37 | 000,067,584 | --S- | C] () – C:\Windows\bootstat.dat

[2009-07-14 05:33:53 | 000,482,608 | ---- | C] () – C:\Windows\System32\FNTCACHE.DAT

[2009-07-14 03:05:48 | 000,606,992 | ---- | C] () – C:\Windows\System32\perfh009.dat

[2009-07-14 03:05:48 | 000,291,294 | ---- | C] () – C:\Windows\System32\perfi009.dat

[2009-07-14 03:05:48 | 000,103,370 | ---- | C] () – C:\Windows\System32\perfc009.dat

[2009-07-14 03:05:48 | 000,031,548 | ---- | C] () – C:\Windows\System32\perfd009.dat

[2009-07-14 03:05:05 | 000,000,741 | ---- | C] () – C:\Windows\System32\NOISE.DAT

[2009-07-14 03:04:11 | 000,215,943 | ---- | C] () – C:\Windows\System32\dssec.dat

[2009-07-14 01:19:49 | 000,066,048 | ---- | C] () – C:\Windows\System32\PrintBrmUi.exe

[2009-07-14 00:55:01 | 000,043,131 | ---- | C] () – C:\Windows\mib.bin

[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () – C:\Windows\System32\BthpanContextHandler.dll

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () – C:\Windows\System32\BWContextHandler.dll

[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () – C:\Windows\System32\mlang.dat

[2006-10-11 04:33:58 | 000,010,288 | ---- | C] () – C:\Windows\System32\drivers\ASUSHWIO.SYS

[2004-08-13 08:56:20 | 000,005,810 | ---- | C] () – C:\Windows\System32\drivers\ASACPI.sys

[2004-01-02 00:28:29 | 000,000,100 | ---- | C] () – C:\Windows\forevermopt.INI

[2004-01-02 00:28:13 | 000,000,314 | ---- | C] () – C:\Windows\mafosav.INI

[2004-01-01 23:05:12 | 000,092,400 | ---- | C] () – C:\Windows\ktkm7.dll

[2004-01-01 23:05:12 | 000,058,192 | ---- | C] () – C:\Windows\ktkm6.dll

[2004-01-01 23:05:12 | 000,055,186 | ---- | C] () – C:\Windows\ktkm5.dll

[2004-01-01 23:05:12 | 000,030,166 | ---- | C] () – C:\Windows\ktkm9.dll

[2004-01-01 23:05:12 | 000,023,364 | ---- | C] () – C:\Windows\ktkm8.dll

[2004-01-01 23:05:12 | 000,022,926 | ---- | C] () – C:\Windows\ktkm4.dll

[2004-01-01 23:05:11 | 000,268,621 | ---- | C] () – C:\Windows\ktkm33.dll

[2004-01-01 23:05:11 | 000,098,442 | ---- | C] () – C:\Windows\ktkm35.dll

[2004-01-01 23:05:11 | 000,082,542 | ---- | C] () – C:\Windows\ktkm37.dll

[2004-01-01 23:05:11 | 000,020,926 | ---- | C] () – C:\Windows\ktkm36.dll

[2004-01-01 23:05:11 | 000,010,240 | ---- | C] () – C:\Windows\ktkm34.dll

[2004-01-01 23:05:10 | 000,326,441 | ---- | C] () – C:\Windows\ktkm32.dll

[2004-01-01 23:05:10 | 000,197,408 | ---- | C] () – C:\Windows\ktkm29.dll

[2004-01-01 23:05:10 | 000,128,042 | ---- | C] () – C:\Windows\ktkm30.dll

[2004-01-01 23:05:10 | 000,116,841 | ---- | C] () – C:\Windows\ktkm26.dll

[2004-01-01 23:05:10 | 000,100,786 | ---- | C] () – C:\Windows\ktkm28.dll

[2004-01-01 23:05:10 | 000,081,427 | ---- | C] () – C:\Windows\ktkm31.dll

[2004-01-01 23:05:10 | 000,065,092 | ---- | C] () – C:\Windows\ktkm27.dll

[2004-01-01 23:05:10 | 000,022,657 | ---- | C] () – C:\Windows\ktkm3.dll

[2004-01-01 23:05:09 | 000,538,410 | ---- | C] () – C:\Windows\ktkm20.dll

[2004-01-01 23:05:09 | 000,524,537 | ---- | C] () – C:\Windows\ktkm18.dll

[2004-01-01 23:05:09 | 000,370,880 | ---- | C] () – C:\Windows\ktkm22.dll

[2004-01-01 23:05:09 | 000,126,720 | ---- | C] () – C:\Windows\ktkm23.dll

[2004-01-01 23:05:09 | 000,070,888 | ---- | C] () – C:\Windows\ktkm19.dll

[2004-01-01 23:05:09 | 000,066,908 | ---- | C] () – C:\Windows\ktkm17.dll

[2004-01-01 23:05:09 | 000,064,070 | ---- | C] () – C:\Windows\ktkm21.dll

[2004-01-01 23:05:09 | 000,056,992 | ---- | C] () – C:\Windows\ktkm24.dll

[2004-01-01 23:05:09 | 000,049,094 | ---- | C] () – C:\Windows\ktkm25.dll

[2004-01-01 23:05:09 | 000,020,974 | ---- | C] () – C:\Windows\ktkm2.dll

[2004-01-01 23:05:08 | 000,803,601 | ---- | C] () – C:\Windows\ktkm16.dll

[2004-01-01 23:05:08 | 000,524,164 | ---- | C] () – C:\Windows\ktkm12.dll

[2004-01-01 23:05:08 | 000,307,617 | ---- | C] () – C:\Windows\ktkm15.dll

[2004-01-01 23:05:08 | 000,209,936 | ---- | C] () – C:\Windows\ktkm14.dll

[2004-01-01 23:05:08 | 000,099,867 | ---- | C] () – C:\Windows\ktkm13.dll

[2004-01-01 23:05:08 | 000,096,166 | ---- | C] () – C:\Windows\ktkm1.dll

[2004-01-01 23:05:08 | 000,062,631 | ---- | C] () – C:\Windows\ktkm11.dll

[2004-01-01 23:05:08 | 000,058,015 | ---- | C] () – C:\Windows\ktkm10.dll

========== LOP Check ==========

[2011-08-31 23:17:08 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\Babylon

[2011-09-14 11:55:37 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\Efficient Sticky Notes

[2011-09-01 10:25:17 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\Folder przesyłania Share-to-Web

[2011-09-01 09:20:11 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\Gadu-Gadu

[2011-08-31 22:17:21 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\OpenCandy

[2011-10-21 09:04:31 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\Opera

[2011-11-27 16:12:10 | 000,000,000 | —D | M] – C:\Users\Tomek\AppData\Roaming\SecondLife

[2011-11-29 09:00:39 | 000,032,604 | ---- | M] () – C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
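The O4 (autostart) section of the log above is where a helper looks first: two entries run hidden executables from user-writable locations, one of them under the display name "Windows Update", and neither binary carries a recognisable company name. The following Python triage script is an added example, not part of the thread and not OTL's own code. It parses OTL O4 lines and applies a few heuristics of my own (user-writable path, empty company field, random-looking file name, display name borrowed from a Windows component). The sample lines are copied from the log above; the `…` in them is the forum's abbreviation of the registry path, and the parser accepts either that or OTL's usual `..`.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Autostart (O4) lines copied verbatim from the OTL log posted above.
SAMPLE_O4_LINES = r"""
O4 - HKLM…\Run: [QuickTime Task] C:\Windows\System32\qttask.exe (Apple Computer, Inc.)
O4 - HKLM…\Run: [zzzHPSETUP] F:\Setup.exe File not found
O4 - HKCU…\Run: [nD35000KmKjF35000] C:\ProgramData\nD35000KmKjF35000\nD35000KmKjF35000.exe ()
O4 - HKCU…\Run: [Windows Update] C:\ProgramData\vg9tzwt.exe (Tt64Anx8Y7)
O4 - Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vg9tzwt.exe (Tt64Anx8Y7)
""".strip().splitlines()

# "HKLM…\Run:" or "HKLM..\Run:" -> hive, then [value name], then the target.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)[^\\]*\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.*)$")
# "<path> (<company>)"; the company field is empty when the PE has no version info.
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")

# Heuristic lists chosen for this example (assumption, not an OTL convention).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
WINDOWS_LOOKALIKE_NAMES = {"windows update", "windows defender", "svchost", "explorer"}

@dataclass
class Finding:
    source: str               # "HKLM\Run", "HKCU\Run" or "Startup folder"
    name: str                 # registry value name, or file name for Startup entries
    path: str
    company: Optional[str]    # None when OTL reports "File not found"
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return len(self.flags) >= 2 or "impersonates Windows component" in self.flags

def looks_random(stem: str) -> bool:
    """Heuristic: 7+ alphanumerics mixing digits and letters with almost no vowels."""
    if not re.fullmatch(r"[A-Za-z0-9]{7,}", stem):
        return False
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    vowels = sum(stem.lower().count(v) for v in "aeiou")
    return has_digit and has_alpha and vowels / len(stem) < 0.2

def parse_o4(line: str) -> Optional[Finding]:
    """Parse one OTL O4 line; returns None for lines that are not O4 entries."""
    if m := RUN_RE.match(line):
        source, name, rest = f"{m['hive']}\\Run", m["name"], m["rest"]
    elif m := STARTUP_RE.match(line):
        source, name, rest = "Startup folder", None, m["rest"]
    else:
        return None
    if rest.endswith(" File not found"):
        path, company = rest[: -len(" File not found")], None
    elif t := TARGET_RE.match(rest):
        path, company = t["path"], t["company"]
    else:
        path, company = rest, ""
    if name is None:                      # Startup entries have no value name
        name = path.rsplit("\\", 1)[-1]
    return Finding(source, name, path, company)

def triage(finding: Finding) -> Finding:
    """Attach heuristic flags to a finding; the caller decides what to do with them."""
    low = finding.path.lower()
    stem = finding.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if finding.company is None:
        finding.flags.append("orphaned entry (file not found)")
        return finding
    if any(loc in low for loc in USER_WRITABLE):
        finding.flags.append("runs from user-writable location")
    if finding.company == "":
        finding.flags.append("no company name in binary")
    if looks_random(stem):
        finding.flags.append("random-looking file name")
    if finding.name.lower() in WINDOWS_LOOKALIKE_NAMES and "\\windows\\" not in low:
        finding.flags.append("impersonates Windows component")
    return finding

def triage_log(lines) -> List[Finding]:
    """Parse and flag every O4 line in an OTL log (other lines are skipped)."""
    return [triage(f) for line in lines if (f := parse_o4(line.strip()))]

def suspicious_paths(lines) -> List[str]:
    """Distinct file paths worth investigating or quarantining, in log order."""
    seen: List[str] = []
    for f in triage_log(lines):
        if f.suspicious and f.path not in seen:
            seen.append(f.path)
    return seen

if __name__ == "__main__":
    for f in triage_log(SAMPLE_O4_LINES):
        marker = "!!" if f.suspicious else "  "
        print(f"{marker} [{f.source}] {f.name} -> {f.path} {f.flags}")
```

Run on the sample lines, the script leaves the QuickTime entry unflagged, marks the orphaned `zzzHPSETUP` value as merely stale, and reports the three `nD35000KmKjF35000` and `vg9tzwt.exe` entries as suspicious; the `Windows Update` value is the strongest signal, because a real Windows component never lives in `C:\ProgramData`. The heuristics are deliberately coarse: they rank what a human (or a forum helper) should look at first, not decide what to delete.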

In safe mode, load this script into OTL

In OTL's Custom Scans/Fixes window paste:

Click Run Fix. Agree to the computer restart. Post the removal log on the forum later

After the computer restarts, start it normally (not in safe mode). Run OTL again, click Scan once more and post the new log on the forum. So two logs: one from the removal and a second from the new scan after the removal.