
sol

Users
  • Posts

    11
  • Joined

  • Last visit

  1. Hello, unfortunately I am not able to remove the PUPs. After pressing the uninstall option, nothing appears. The FRST log is attached. Regards! Fixlog.txt
  2. Hello! Thank you very much for the help - I'm writing from my own PC (so everything runs as it should!). Below I'm sending the remaining logs. The only flaw I've noticed so far is the little "padlocks" on every file icon, which weren't there before. Once again, a thousand thanks Addition.txt Fixlog.txt FRST.txt Shortcut.txt
  3. Hello, unfortunately I couldn't do this earlier, as work matters took up my time. I'm attaching the new logs. There is still no internet, but the contents of my desktop, which were previously hidden, have come back. Thanks in advance! Addition- NOWY.txt FRST -NOWY.txt Shortcut - NOWY.txt
  4. Hello, I did as you wrote; unfortunately I couldn't do it sooner. I used both programs you wrote about from the administrator account; the logs are attached. Thanks and regards. Addition.txt FRST.txt Shortcut.txt
  5. No, because I had no internet access. I'll try to copy them onto a USB stick somehow and scan them.
  6. Hello, I did as you wrote. I didn't manage to remove browser manager; doing it from the administrator account Sol, I got a message that I don't have access. Then I scanned the system with Avast, also before Windows started. Unfortunately, another problem has appeared: I can no longer connect to the internet on any account. I get a message that something is wrong with the router, which can't be true, because I'm writing from another PC connected to this router. Damn, I'm lost.
  7. Thank you In the evening, as soon as it's possible, I'll do everything according to your recommendations.
  8. Thank you very much for all the information. Account: Solskier is the administrator account; I created the Sol account when I couldn't run ComboFix. To be honest, I have no idea how it is possible that the FRST log says two accounts are logged in, since I logged in only to the 'Solskier' account, i.e. the administrator account, which apparently lost those capabilities for reasons unexplained to me. Among the new symptoms I've noticed is the inability to view some graphics files. I get a message that I don't have access to them, or that the files are corrupted, which is rather unlikely, because they are "freshly downloaded" files. Regards.
  9. Hello, below I'm sending the FRST logs. The GMER log was edited into the post above. Addition.txt FRST.txt Shortcut.txt
  10. Hello, please forgive my lack of e-manners The bug blocks all administrative capabilities of the system (installing/removing programs, system personalization, etc.), hampers connections to www servers, and blocks the antivirus programs. At the moment I can't identify any more symptoms. I tried to provide a GMER log, but the bug also blocked that program (even with its name changed); maybe I should try in safe mode? EDIT: FRST log attached EDIT 2: I managed to produce a GMER log; log below: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-02 01:34:41 Windows 6.1.7600 Addition.txt FRST.txt Shortcut.txt
  11. Hello everyone, some nasty bug has got me. I'm not a computer alpha and omega, so I'm earnestly asking for help! Below I'm sending the ComboFix log; thanks in advance, good people!!! ComboFix.txt