Windows problem with viruses


(Pierux09) #1

Hello everyone

I have a problem with several viruses. It all started when I downloaded a few programs for converting videos, and after some time a green background popped up with "your system is injured" written in the very middle. I started a scan in the Internet Security program and 25 viruses came up, all of them from the Windows folder, and I just don't know whether to delete them because I'm afraid my system won't boot. :frowning: Here is the analysis report

So if someone could tell me what to do, I would be grateful :slight_smile:


(Gutek) #2

HJT is an old tool by now. An infection is visible on your system.

Show a log from: OTL

In it, set Processes and Modules to All and paste into the lower white Custom Scans/Fixes box:

Click Run Scan.

Description - hijackthis-rsit-otl-dds-inne-instrukcja-t36654.html at the bottom.

Run a full scan with Dr. Web CureIt


(Pierux09) #3

Here is the scan, which I did the way you said

OTL logfile created on: 2009-12-19 10:33:05 - Run 1

OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\SysOp\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.1 | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 30,55 Gb Free Space | 13,12% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: COA12

Current User Name: SysOp

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (All) ==========[/color]


PRC - [2009-12-19 10:31:56 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Pulpit\OTL.exe

PRC - [2009-12-18 23:00:01 | 00,489,984 | ---- | M] () -- C:\WINDOWS.1\system32\qtplugin.exe

PRC - [2009-12-18 20:34:46 | 00,028,164 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Temp\user.exe

PRC - [2009-12-18 18:49:07 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-12-18 18:40:08 | 01,375,232 | ---- | M] (Internet Security 2010) -- C:\Program Files\InternetSecurity2010\IS2010.exe

PRC - [2009-12-18 18:35:53 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Temp\r25lgbrsd.exe

PRC - [2009-12-18 18:35:51 | 00,020,480 | ---- | M] () -- C:\WINDOWS.1\system32\winupdate86.exe

PRC - [2009-11-20 13:51:34 | 02,335,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

PRC - [2009-10-17 12:46:47 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-07-21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS.1\system32\ati2evxx.exe

PRC - [2009-01-14 22:33:58 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008-12-31 18:04:38 | 00,549,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\winlogon.exe

PRC - [2008-12-31 18:03:17 | 01,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\explorer.exe

PRC - [2008-04-14 20:51:44 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\spoolsv.exe

PRC - [2008-04-14 20:51:44 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\smss.exe

PRC - [2008-04-14 20:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\svchost.exe [RPCSS]

PRC - [2008-04-14 20:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\svchost.exe [NETWORKSERVICE]

PRC - [2008-04-14 20:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\svchost.exe [NETSVCS]

PRC - [2008-04-14 20:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\svchost.exe [LOCALSERVICE]

PRC - [2008-04-14 20:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\svchost.exe [DCOMLAUNCH]

PRC - [2008-04-14 20:51:40 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\services.exe

PRC - [2008-04-14 20:51:40 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\scardsvr.exe

PRC - [2008-04-14 20:51:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\lsass.exe

PRC - [2008-04-14 20:51:12 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\csrss.exe

PRC - [2008-03-20 11:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2007-03-21 07:49:20 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.1\RTHDCPL.exe

PRC - [2005-07-26 01:20:12 | 00,880,640 | ---- | M] () -- C:\Program Files\3Com\3Com Wireless Utility\WLanCfgAG.exe

PRC - [2005-07-12 14:17:34 | 00,045,056 | ---- | M] () -- C:\Program Files\3Com\3Com Wireless Utility\InvHelp.exe

PRC - [2004-03-29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\3Com\3Com Wireless Utility\WLService.exe



[color=#E56717]========== Modules (All) ==========[/color]


MOD - [2009-12-19 10:31:56 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Pulpit\OTL.exe

MOD - [2009-12-04 22:19:58 | 00,049,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\gth.dll

MOD - [2009-09-15 12:55:49 | 00,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll

MOD - [2008-12-31 18:05:53 | 00,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\wininet.dll

MOD - [2008-12-31 18:05:46 | 00,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\shlwapi.dll

MOD - [2008-12-31 18:02:00 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\srclient.dll

MOD - [2008-12-31 18:01:08 | 01,392,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\setupapi.dll

MOD - [2008-12-31 17:39:19 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\uxtheme.dll

MOD - [2008-12-31 17:36:34 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\normaliz.dll

MOD - [2008-12-31 17:36:05 | 00,266,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\iertutil.dll

MOD - [2008-11-09 17:03:58 | 25,531,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\shell32.dll

MOD - [2008-04-14 20:51:58 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\winspool.drv

MOD - [2008-04-14 20:50:58 | 00,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\userenv.dll

MOD - [2008-04-14 20:50:58 | 00,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\winmm.dll

MOD - [2008-04-14 20:50:58 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\wldap32.dll

MOD - [2008-04-14 20:50:58 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\version.dll

MOD - [2008-04-14 20:50:46 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\ole32.dll

MOD - [2008-04-14 20:50:46 | 00,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\rpcrt4.dll

MOD - [2008-04-14 20:50:46 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\oleaut32.dll

MOD - [2008-04-14 20:50:46 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\olepro32.dll

MOD - [2008-04-14 20:50:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\samlib.dll

MOD - [2008-04-14 20:50:46 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\secur32.dll

MOD - [2008-04-14 20:50:46 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\psapi.dll

MOD - [2008-04-14 20:50:42 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\ntmarta.dll

MOD - [2008-04-14 20:50:40 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\msvcrt.dll

MOD - [2008-04-14 20:50:40 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\msimg32.dll

MOD - [2008-04-14 20:50:36 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\kernel32.dll

MOD - [2008-04-14 20:50:34 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\imagehlp.dll

MOD - [2008-04-14 20:50:34 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\imm32.dll

MOD - [2008-04-14 20:50:32 | 00,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\gdi32.dll

MOD - [2008-04-14 20:50:32 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\wbem\framedyn.dll

MOD - [2008-04-14 20:50:00 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\advapi32.dll

MOD - [2008-04-14 20:49:16 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\ntdll.dll

MOD - [2008-04-14 20:43:00 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\MSCTFIME.IME

MOD - [2008-04-14 20:29:10 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS.1\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

MOD - [2007-07-11 05:06:54 | 00,642,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\system32\user32.dll

MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [On_Demand | Stopped] -- -- (ALG)

SRV - [2009-10-22 20:20:34 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca534cbbb9eea8) Usługa Google Update (gupdate1ca534cbbb9eea8)

SRV - [2009-10-18 02:17:52 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009-07-21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS.1\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2009-07-21 09:40:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS.1\system32\ati2sgag.exe -- (ATI Smart)

SRV - [2004-03-29 16:08:16 | 00,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\3Com\3Com Wireless Utility\WLService.exe -- (3Com 3CRDAG675B Wireless LAN PCI Adapter WLService)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2009-10-17 00:01:42 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS.1\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)

DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS.1\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.1\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS.1\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.1\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS.1\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009-07-21 17:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-12-31 17:40:38 | 00,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.1\system32\drivers\si3112.sys -- (Si3112)

DRV - [2008-10-17 09:50:00 | 00,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)

DRV - [2008-10-17 09:50:00 | 00,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)

DRV - [2008-04-13 20:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.1\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008-04-13 20:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-03-26 12:21:06 | 04,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-08-15 06:09:48 | 00,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006-06-18 22:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS.1\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005-06-14 15:50:28 | 00,463,232 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\net5213xp.sys -- (net5213)

DRV - [2004-08-13 19:56:20 | 00,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2003-09-25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\GTNDIS5.sys -- (GTNDIS5)

DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.1\system32\drivers\ptilink.sys -- (Ptilink)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Search Powered by Google"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2384137&SearchSource=13"

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.0.5

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: {31c7d459-9cc3-44f2-9dca-fc11795309b4}:2.4.0.4



FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-10-17 12:47:07 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-18 18:49:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-18 18:49:12 | 00,000,000 | ---D | M]


[2009-10-17 12:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions

[2009-12-18 23:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mpzfprtz.default\extensions

[2009-12-18 23:31:44 | 00,000,000 | ---D | M] (IObitCom Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mpzfprtz.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}

[2009-10-21 19:01:26 | 00,000,866 | ---- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mpzfprtz.default\searchplugins\conduit.xml

[2009-12-19 10:24:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008-06-12 07:13:32 | 00,075,184 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

[2008-06-27 23:05:21 | 00,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

[2008-09-17 22:49:48 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

[2009-05-29 22:37:01 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009-09-01 14:32:58 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-09-01 14:32:58 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-09-01 14:32:59 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-09-01 14:32:59 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-09-01 14:32:59 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-09-01 14:32:59 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS.1\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS.1\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [InvHelp.exe] C:\Program Files\3Com\3Com Wireless Utility\InvHelp.exe ()

O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS.1\system32\qtplugin.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.1\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS.1\system32\winupdate86.exe ()

O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKCU..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\SysOp\Ustawienia lokalne\Temp\user.exe ()

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)

O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\SysOp\ntload.dll ()

O4 - HKCU..\Run: [RegistryMonitor1] C:\WINDOWS.1\System32\qtplugin.exe ()

O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\Documents and Settings\SysOp\Ustawienia lokalne\Temp\r25lgbrsd.exe ()

O4 - Startup: C:\Documents and Settings\SysOp\Menu Start\Programy\Autostart\scandisk.dll ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.1\System32\winhelper86.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.1\System32\winhelper86.dll ()

O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.1\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.1\system32\winlogon86.exe) - C:\WINDOWS.1\system32\winlogon86.exe ()

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.1\System32\sysdm.cpl (cr1t1cal)

O20 - Winlogon\Notify\3CLogon: DllName - 3CLogon.dll - C:\WINDOWS.1\System32\3CLogon.dll (3Com Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.1\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-02-04 23:24:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS.1\system32\ias [2009-10-16 23:35:47 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found





[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2009-12-19 10:31:56 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Pulpit\OTL.exe

[2009-12-19 10:26:09 | 66,801,928 | ---- | C] (Doctor Web, Ltd. ) -- C:\Documents and Settings\SysOp\Pulpit\drweb-500-win-space.exe

[2009-12-19 00:49:00 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\SysOp\Recent

[2009-12-18 23:57:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\BackUp

[2009-12-18 23:56:39 | 00,000,000 | ---D | C] -- C:\WINDOWS.1\System32\NtmsData

[2009-12-18 23:31:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\IObit

[2009-12-18 23:31:43 | 00,000,000 | ---D | C] -- C:\Program Files\IObit

[2009-12-18 23:31:15 | 08,897,336 | ---- | C] (IObit ) -- C:\Documents and Settings\SysOp\Pulpit\asc-setup.exe

[2009-12-18 20:35:50 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswRdr.sys

[2009-12-18 20:35:49 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswTdi.sys

[2009-12-18 20:35:49 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aavmker4.sys

[2009-12-18 20:35:48 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswSP.sys

[2009-12-18 20:35:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\AvastSS.scr

[2009-12-18 20:35:48 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswmon2.sys

[2009-12-18 20:35:48 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswmon.sys

[2009-12-18 20:35:48 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\drivers\aswFsBlk.sys

[2009-12-18 20:35:26 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS.1\System32\aswBoot.exe

[2009-12-18 20:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\Avast.Professional.4.8.1358.Klucz-szyszki.xaburoo

[2009-12-18 20:09:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2009-12-18 20:09:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dane aplikacji\Norton

[2009-12-18 20:07:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dane aplikacji\NortonInstaller

[2009-12-18 19:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2009-12-18 18:40:48 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010

[2009-12-18 18:35:56 | 00,000,000 | -HSD | C] -- C:\WINDOWS.1\System32\lowsec

[2009-12-18 18:35:50 | 00,105,984 | ---- | C] (Yteqyd) -- C:\dgintl.exe

[2009-12-18 18:18:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\AnvSoft

[2009-12-18 18:04:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\Allok.3GP.PSP.MP4.iPod.Video.Converter.6.2.0603.Full.Version

[2009-12-10 18:52:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS.1\System32\GroupPolicy

[2009-12-03 18:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\ipla

[2009-12-03 18:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.1\Dane aplikacji\ipla

[2009-12-03 18:25:38 | 00,000,000 | ---D | C] -- C:\Program Files\ipla

[2009-12-03 18:25:32 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.1\System32\gdiplus.dll

[2009-12-03 18:25:32 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.1\System32\mfc71.dll

[2009-12-02 21:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike 1.6

[2008-11-08 00:56:09 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\twain_32

[2008-02-05 21:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG7

[2008-02-05 21:54:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2008-02-05 21:54:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2008-02-05 21:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-02-05 21:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[3 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp ->]

[1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2009-12-19 10:32:38 | 66,801,928 | ---- | M] (Doctor Web, Ltd. ) -- C:\Documents and Settings\SysOp\Pulpit\drweb-500-win-space.exe

[2009-12-19 10:31:56 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Pulpit\OTL.exe

[2009-12-19 10:25:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\18467.exe

[2009-12-19 10:06:34 | 00,009,848 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-12-19 10:05:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\41.exe

[2009-12-19 10:05:21 | 00,002,854 | ---- | M] () -- C:\WINDOWS.1\System32\critical_warning.html

[2009-12-19 10:04:36 | 00,001,032 | ---- | M] () -- C:\WINDOWS.1\tasks\GoogleUpdateTaskMachineCore.job

[2009-12-19 10:04:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS.1\tasks\SA.DAT

[2009-12-19 10:04:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS.1\bootstat.dat

[2009-12-19 10:03:56 | 00,088,704 | ---- | M] () -- C:\WINDOWS.1\System32\FNTCACHE.DAT

[2009-12-19 00:49:07 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT

[2009-12-19 00:49:07 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini

[2009-12-19 00:48:57 | 06,376,462 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-19 00:43:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS.1\tasks\GoogleUpdateTaskMachineUA.job

[2009-12-19 00:31:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\15724.exe

[2009-12-19 00:25:01 | 08,066,426 | ---- | M] () -- C:\Documents and Settings\SysOp\Moje dokumenty\Dokument.rtf

[2009-12-19 00:11:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\19169.exe

[2009-12-18 23:51:40 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\26500.exe

[2009-12-18 23:31:49 | 00,000,151 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\IObit Freeware.url

[2009-12-18 23:31:48 | 00,000,878 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\Advanced SystemCare.lnk

[2009-12-18 23:31:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS.1\System32\6334.exe

[2009-12-18 23:31:32 | 08,897,336 | ---- | M] (IObit ) -- C:\Documents and Settings\SysOp\Pulpit\asc-setup.exe

[2009-12-18 23:00:01 | 00,489,984 | ---- | M] () -- C:\WINDOWS.1\System32\qtplugin.exe

[2009-12-18 21:10:23 | 00,000,661 | -HS- | M] () -- C:\Documents and Settings\SysOp\Menu Start\Programy\Autostart\scandisk.lnk

[2009-12-18 20:35:50 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\avast! Antivirus.lnk

[2009-12-18 20:35:48 | 00,002,645 | ---- | M] () -- C:\WINDOWS.1\System32\CONFIG.NT

[2009-12-18 18:44:09 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CCleaner.lnk

[2009-12-18 18:40:48 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Internet Security 2010.lnk

[2009-12-18 18:39:59 | 00,019,456 | ---- | M] () -- C:\WINDOWS.1\System32\winhelper86.dll

[2009-12-18 18:35:56 | 00,000,001 | ---- | M] () -- C:\s

[2009-12-18 18:35:51 | 00,105,984 | ---- | M] (Yteqyd) -- C:\dgintl.exe

[2009-12-18 18:35:51 | 00,020,480 | ---- | M] () -- C:\WINDOWS.1\System32\winupdate86.exe

[2009-12-18 18:35:51 | 00,020,480 | ---- | M] () -- C:\WINDOWS.1\System32\winlogon86.exe

[2009-12-18 18:35:51 | 00,020,480 | ---- | M] () -- C:\qomxqpmk.exe

[2009-12-18 18:33:13 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-18 17:43:36 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\Google Chrome.lnk

[2009-12-16 17:28:26 | 22,600,376 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\gg10.exe

[2009-12-16 17:24:06 | 00,002,184 | ---- | M] () -- C:\WINDOWS.1\System32\wpa.dbl

[2009-12-10 18:02:48 | 01,874,914 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\AtlasLoot-v5.09.00.zip

[2009-12-03 18:25:43 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\ipla.lnk

[2009-12-03 18:25:33 | 01,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\System32\mfc71.dll

[2009-12-03 18:25:32 | 01,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\System32\gdiplus.dll

[2009-12-03 18:18:51 | 12,936,056 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\iplasetup.exe

[3 C:\WINDOWS.1\*.tmp files -> C:\WINDOWS.1\*.tmp ->]

[1 C:\WINDOWS.1\System32\*.tmp files -> C:\WINDOWS.1\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2009-12-19 00:31:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\15724.exe

[2009-12-19 00:25:00 | 08,066,426 | ---- | C] () -- C:\Documents and Settings\SysOp\Moje dokumenty\Dokument.rtf

[2009-12-19 00:11:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\19169.exe

[2009-12-18 23:31:49 | 00,000,151 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\IObit Freeware.url

[2009-12-18 23:31:48 | 00,000,878 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\Advanced SystemCare.lnk

[2009-12-18 23:00:03 | 00,489,984 | ---- | C] () -- C:\WINDOWS.1\System32\qtplugin.exe

[2009-12-18 20:35:50 | 00,001,713 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\avast! Antivirus.lnk

[2009-12-18 20:35:26 | 00,380,928 | ---- | C] () -- C:\WINDOWS.1\System32\actskin4.ocx

[2009-12-18 20:24:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\26500.exe

[2009-12-18 20:04:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\6334.exe

[2009-12-18 19:00:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\18467.exe

[2009-12-18 18:44:09 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CCleaner.lnk

[2009-12-18 18:40:48 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Internet Security 2010.lnk

[2009-12-18 18:40:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\41.exe

[2009-12-18 18:39:59 | 00,019,456 | ---- | C] () -- C:\WINDOWS.1\System32\winhelper86.dll

[2009-12-18 18:39:57 | 00,002,854 | ---- | C] () -- C:\WINDOWS.1\System32\critical_warning.html

[2009-12-18 18:35:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS.1\System32\winupdate86.exe

[2009-12-18 18:35:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS.1\System32\winlogon86.exe

[2009-12-18 18:35:56 | 00,000,001 | ---- | C] () -- C:\s

[2009-12-18 18:35:51 | 00,020,480 | ---- | C] () -- C:\qomxqpmk.exe

[2009-12-18 18:04:16 | 00,129,024 | ---- | C] () -- C:\WINDOWS.1\System32\AVERM.dll

[2009-12-16 17:26:19 | 22,600,376 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\gg10.exe

[2009-12-10 18:02:18 | 01,874,914 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\AtlasLoot-v5.09.00.zip

[2009-12-03 18:25:43 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.1\Pulpit\ipla.lnk

[2009-12-03 18:17:33 | 12,936,056 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\iplasetup.exe

[2009-10-30 00:12:37 | 00,795,648 | ---- | C] () -- C:\WINDOWS.1\System32\xvidcore.dll

[2009-10-30 00:10:19 | 00,168,448 | ---- | C] () -- C:\WINDOWS.1\System32\unrar.dll

[2009-10-18 00:49:51 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-17 00:12:49 | 00,021,582 | ---- | C] () -- C:\WINDOWS.1\Ascd_tmp.ini

[2009-10-17 00:01:33 | 00,094,208 | ---- | C] () -- C:\WINDOWS.1\System32\GTW32N50.dll

[2009-10-17 00:01:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS.1\System32\3com.dll

[2009-10-16 23:52:53 | 00,021,899 | ---- | C] () -- C:\WINDOWS.1\Ascd_log.ini

[2009-10-16 23:52:42 | 00,005,810 | R--- | C] () -- C:\WINDOWS.1\System32\drivers\ASACPI.sys

[2009-10-16 23:52:22 | 00,010,288 | ---- | C] () -- C:\WINDOWS.1\System32\drivers\ASUSHWIO.SYS

[2008-02-24 12:47:55 | 00,064,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat


[color=#E56717]========== Custom Scans ==========[/color]



[color=#A23BEC]< %systemdrive%\*.* >[/color]

[2008-02-04 23:24:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-10-16 23:53:12 | 00,000,473 | RHS- | M] () -- C:\boot.ini

[2001-07-22 00:13:54 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2008-02-04 23:24:02 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008-11-08 23:45:50 | 04,743,112 | ---- | M] (DT Soft Ltd.) -- C:\daemon4301-lite[www.instalki.pl].exe

[2009-12-18 18:35:51 | 00,105,984 | ---- | M] (Yteqyd) -- C:\dgintl.exe

[2009-10-10 01:28:22 | 19,026,9791 | ---- | M] () -- C:\flstudio_9.0_final.exe

[2008-02-04 23:24:02 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2008-10-25 22:36:31 | 01,865,246 | ---- | M] () -- C:\MakeDisk.zip

[2008-02-04 23:24:02 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008-04-13 20:13:04 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008-04-13 22:02:00 | 00,251,152 | RHS- | M] () -- C:\ntldr

[2008-04-14 20:49:16 | 00,105,984 | R--- | M] (Yteqyd) -- C:\ntldrs

[2009-12-19 10:03:55 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[2008-09-07 01:23:58 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2008-11-09 20:48:35 | 00,000,156 | ---- | M] () -- C:\prepatch.log

[2009-12-18 18:35:51 | 00,020,480 | ---- | M] () -- C:\qomxqpmk.exe

[2009-10-17 00:06:53 | 00,000,516 | ---- | M] () -- C:\RHDSetup.log

[2009-12-18 18:35:56 | 00,000,001 | ---- | M] () -- C:\s

[2008-11-23 19:12:03 | 00,004,366 | ---- | M] () -- C:\stinger.txt

[2008-02-14 20:54:26 | 01,062,020 | ---- | M] () -- C:\VV_Install.log

[2008-11-09 20:15:20 | 76,891,667 | ---- | M] (Blizzard Entertainment) -- C:\War3TFT_122a_Polski.exe

< End of report >

(jessica) #4

Download LSP-Fix, tick "I know what I'm doing",

then in the Keep pane select the file winhelper86.dll (do NOT touch the other files, or the internet will stop working)

and use the arrow (>>) to move it to the Remover pane, then click Finish and restart the computer.

I'll edit my post in a moment and tell you what to do next...

EDIT:

Run OTL and paste this into the Custom Scans/Fixes window:

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time choosing the Run Scan option.

Show the new OTL.txt log and the log from the cleanup.

Check IT on JOTTI

or on VIRUSTOTAL.

EDIT3:

Did you install this yourself?

Or maybe it is this: http://www.lavasoft.com/mylavasoft/securitycenter/blog/new-rogue-internetsecurity2010

JESSI
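
An added example, not part of jessica's post and not part of OTL: a small Python parser for the file-entry lines of the OTL log above, listing entries worth checking on the scanners she mentions. The heuristics and function names are assumptions of this example, and a hit means "review this file", not "malicious".

```python
import re
from datetime import datetime

# Excerpt of the OTL log posted above, embedded so the example runs offline.
SAMPLE = r"""
[2009-12-19 00:31:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS.1\System32\15724.exe
[2009-12-18 18:39:59 | 00,019,456 | ---- | C] () -- C:\WINDOWS.1\System32\winhelper86.dll
[2009-12-18 18:35:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS.1\System32\winlogon86.exe
[2009-12-18 18:35:51 | 00,020,480 | ---- | C] () -- C:\qomxqpmk.exe
[2009-12-18 18:35:51 | 00,105,984 | ---- | M] (Yteqyd) -- C:\dgintl.exe
[2009-12-03 18:25:33 | 01,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.1\System32\mfc71.dll
[2009-10-10 01:28:22 | 19,026,9791 | ---- | M] () -- C:\flstudio_9.0_final.exe
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([-A-Z]{4})"
                  r" \| ([CM])\] \((.*?)\) -- (.+)$")
EXEC = {"exe", "dll", "sys", "ocx"}

def parse(log):
    """Yield one dict per OTL file entry; lines that are not file entries are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            yield {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                   "size": int(size.replace(",", "")),  # OTL groups digits oddly
                   "attrs": attrs, "kind": kind, "company": company.strip(), "path": path}

def reasons(e):
    """Triage heuristics (assumptions of this example, not verdicts) an entry trips."""
    folder, _, name = e["path"].rpartition("\\")
    stem, _, ext = name.lower().rpartition(".")
    if ext not in EXEC or not stem:
        return []
    checks = [(e["size"] == 0, "zero-byte executable"),
              (stem.isdigit(), "all-digit name"),
              (re.fullmatch(r"[A-Za-z]:", folder), "executable in drive root"),
              (not e["company"] and folder.lower().endswith("\\system32"),
               "no company name in System32")]
    return [label for hit, label in checks if hit]

def triage(log):
    """Map path -> reasons for every entry that trips at least one heuristic."""
    return {e["path"]: r for e in parse(log) if (r := reasons(e))}

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(f"{path}: {', '.join(why)}")
```

Legitimate files such as installers saved to the drive root also trip these rules, so the output is a shortlist for manual checking rather than a removal list.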