autorun.inf :(

[Guzo]

witam
proszę o analizę gdyż zapewne zaraziłem się tym złośliwym syfem

[Flash999]

Zacznijmy:
Uruchom OTL i w okienko wklej (bez kod):

Kod:

:processes
killallprocesses

:OTL
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windwda.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windwda.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqyrowd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqyrowd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\uldart.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\uldart.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ubsxm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ubsxm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nmaui.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nmaui.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hcvxgg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hcvxgg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\uvimvb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\uvimvb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingwman.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingwman.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkhfsyr.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkhfsyr.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fbdsls.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fbdsls.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmhxwk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmhxwk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pfhye.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pfhye.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxxjfw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxxjfw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\mcjtf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\mcjtf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cjjx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cjjx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winalweof.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winalweof.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwsyjee.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwsyjee.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hyxj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hyxj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxrwm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxrwm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwadw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwadw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\byxbet.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\byxbet.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxujly.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxujly.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winghmwsh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winghmwsh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wckcu.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wckcu.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bpnc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bpnc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\slqstv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\slqstv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnyyi.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnyyi.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\laxe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\laxe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ixfjn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ixfjn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaudurq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaudurq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqaopj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqaopj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winalmanc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winalmanc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qrggaj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qrggaj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xtqibs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xtqibs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ktwocx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ktwocx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rbct.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rbct.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\unga.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\unga.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintdgea.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintdgea.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\svqm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\svqm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\kqqxt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\kqqxt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nohh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nohh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winckqh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winckqh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\mlxbby.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\mlxbby.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\lxfqrr.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\lxfqrr.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\tfihfc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\tfihfc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjnyai.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjnyai.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsxte.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsxte.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winthyou.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winthyou.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwikf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwikf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qvtqna.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qvtqna.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingulp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingulp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wmbapo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wmbapo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincjhpw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincjhpw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\yrfum.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\yrfum.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjyki.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjyki.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windmstp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windmstp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fiypft.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fiypft.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\tyqxfn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\tyqxfn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windbss.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windbss.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmfofq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmfofq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlpjre.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlpjre.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbgmt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbgmt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\puqydh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\puqydh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsbcrtl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsbcrtl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cbkj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cbkj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\lkvqq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\lkvqq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nwfws.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nwfws.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windcpygp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windcpygp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pidkl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pidkl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bsmrem.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bsmrem.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnqwil.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnqwil.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vsfuob.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vsfuob.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winteknlh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winteknlh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\itbs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\itbs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qsfp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qsfp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fxoag.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fxoag.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qxlo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qxlo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pmjp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pmjp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlysc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlysc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winljgn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winljgn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsxktos.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsxktos.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnuca.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnuca.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rhffs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rhffs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqfmitc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqfmitc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvkuhnk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvkuhnk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiehokb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiehokb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyebvkl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyebvkl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhsiqon.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhsiqon.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fawf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fawf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windwmyd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windwmyd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\sfvl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\sfvl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintmmjfh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintmmjfh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\yodll.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\yodll.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hkjehx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hkjehx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winesghdh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winesghdh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winabyej.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winabyej.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xoxs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xoxs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windhrn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windhrn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winubmdn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winubmdn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkpvbt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkpvbt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\iwcwjp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\iwcwjp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaqhtvu.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaqhtvu.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jans.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jans.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winurou.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winurou.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejfkx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejfkx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\sqdg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\sqdg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ijjyk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ijjyk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\dlcxfw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\dlcxfw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyhtyos.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyhtyos.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxqoss.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxqoss.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winoexl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winoexl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\gqrpf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\gqrpf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvobtra.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvobtra.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\podrah.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\podrah.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qbsbd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qbsbd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrlbdl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrlbdl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nngy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nngy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qibbq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qibbq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\dsvy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\dsvy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winatewp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winatewp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincass.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincass.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaavo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaavo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winohgnfb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winohgnfb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bhcj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bhcj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjttks.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjttks.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnnlfe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnnlfe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfrlo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfrlo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vrjmqx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vrjmqx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ryue.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ryue.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winodpst.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winodpst.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpwhp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpwhp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmaqr.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmaqr.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winllgya.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winllgya.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winchtcih.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winchtcih.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyjpg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyjpg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\claa.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\claa.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\lcwf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\lcwf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winssdv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winssdv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrkkiq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrkkiq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winimrm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winimrm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winawvbss.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winawvbss.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkuoa.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkuoa.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rfqt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rfqt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wyar.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wyar.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xkoes.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xkoes.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winujmmxe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winujmmxe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jboy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jboy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winygud.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winygud.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winafqwkk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winafqwkk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjkua.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjkua.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windjchkt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windjchkt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvvrqio.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvvrqio.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winectk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winectk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\irsvdy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\irsvdy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jksel.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jksel.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmympdp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmympdp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrends.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winrends.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwipndg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwipndg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintqktee.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintqktee.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winljfs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winljfs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bxxqus.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bxxqus.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvgcit.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvgcit.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winilcvab.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winilcvab.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejqdhl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejqdhl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\oagdv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\oagdv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winatihmm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winatihmm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windtjuo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windtjuo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winajri.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winajri.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\lidkx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\lidkx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jmege.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jmege.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiitutg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiitutg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ovkr.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ovkr.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvnlnf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvnlnf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingxnt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingxnt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cvxnxx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cvxnxx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfdulsp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfdulsp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wlbh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wlbh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpdwu.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpdwu.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhimy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhimy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxoss.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxoss.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wuwvx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wuwvx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqeiio.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqeiio.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintswak.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintswak.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuqynwl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuqynwl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpbto.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpbto.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbomtae.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbomtae.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jjho.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jjho.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmjlkb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmjlkb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vmvoo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vmvoo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winglvy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winglvy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rtsuuw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rtsuuw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wyqx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wyqx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windvli.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windvli.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winegytt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winegytt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhwdti.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhwdti.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winanvqx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winanvqx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xpjig.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xpjig.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuomm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuomm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vjklu.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vjklu.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnpdlg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnpdlg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bwsjfs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bwsjfs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windgbmy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windgbmy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\oimido.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\oimido.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyvhjxn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyvhjxn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingxai.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingxai.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmjqhq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmjqhq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwmwjv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwmwjv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\mert.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\mert.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winofemj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winofemj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyjbtb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyjbtb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\aqyym.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\aqyym.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmkyl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winmkyl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\yqgq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\yqgq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qjvb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qjvb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpcgj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpcgj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nuugmw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nuugmw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hvcjil.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hvcjil.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\obigw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\obigw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxjgnji.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxjgnji.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\yqwb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\yqwb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winggvhml.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winggvhml.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\depsui.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\depsui.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingrfftd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingrfftd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ofmbi.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ofmbi.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winflis.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winflis.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winagvpd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winagvpd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\aqyo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\aqyo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fjvc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fjvc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintwyom.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintwyom.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wdpnoi.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wdpnoi.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\mcqlpe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\mcqlpe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winohwnxi.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winohwnxi.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpalgee.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpalgee.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiakf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiakf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cains.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cains.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ugrh.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ugrh.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\tbvaml.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\tbvaml.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyxxlm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyxxlm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cyvk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cyvk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wbjwdc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wbjwdc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rfohq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rfohq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wtsxwo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wtsxwo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pyqroa.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pyqroa.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cnixt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cnixt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\kyxf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\kyxf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ocpnl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ocpnl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\lxjy.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\lxjy.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnbqdyw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winnbqdyw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\sykvg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\sykvg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuqyep.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winuqyep.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windxovv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windxovv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsjkut.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsjkut.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintsxurs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintsxurs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbeqpw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbeqpw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\sjio.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\sjio.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pwdp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pwdp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\eume.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\eume.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fjkn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fjkn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxqeho.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxqeho.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\jkmrn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\jkmrn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\scpus.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\scpus.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\rjuje.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\rjuje.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhbwd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhbwd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pqpt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pqpt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\meqyur.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\meqyur.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaiibry.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaiibry.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\qvbks.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\qvbks.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vjmnv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vjmnv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fitn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fitn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\kvlnar.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\kvlnar.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\bovxm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\bovxm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvxqcp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winvxqcp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ulljt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ulljt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winspgkk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winspgkk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winubueb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winubueb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqnqjs.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winqnqjs.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\dkkb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\dkkb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhmumu.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winhmumu.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwdlbt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winwdlbt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\scdd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\scdd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyxusl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyxusl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpaib.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpaib.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hadmn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hadmn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\naxsxg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\naxsxg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpmst.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpmst.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjneb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjneb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\vhineb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\vhineb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\nqco.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\nqco.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkjayk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkjayk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winycbgso.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winycbgso.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winludrn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winludrn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsavjgb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winsavjgb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiipk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winiipk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\iyyvtl.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\iyyvtl.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pwvkt.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pwvkt.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjsai.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjsai.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlktcx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winlktcx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintgkwd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintgkwd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\hseqi.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\hseqi.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\tnhmwe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\tnhmwe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbqgpe.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winbqgpe.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wglb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wglb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winoxpo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winoxpo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\pjgvx.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\pjgvx.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\windfdkk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\windfdkk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingvfvyv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wingvfvyv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xkeq.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xkeq.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfwgtm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfwgtm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\fuyk.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\fuyk.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\kshj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\kshj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winayscg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winayscg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkjjfa.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winkjjfa.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wineiudj.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wineiudj.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winupjc.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winupjc.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ayjo.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ayjo.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ylqb.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ylqb.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\gilakg.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\gilakg.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjfduv.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winjfduv.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\yvhys.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\yvhys.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winioaeyp.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winioaeyp.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\sevdyw.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\sevdyw.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfirrot.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winfirrot.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintbwm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintbwm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincrybss.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wincrybss.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejgaf.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ejgaf.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\ragqd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\ragqd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xfcn.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xfcn.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\cthrwd.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\cthrwd.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyflhos.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winyflhos.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintupau.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\wintupau.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpfdih.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winpfdih.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winswqcur.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winswqcur.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\xqio.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\xqio.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaerjqm.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winaerjqm.exe:*:Enabled:ipsec
"D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxgti.exe" = D:\DOCUME~1\Guzo\USTAWI~1\Temp\winxgti.exe:*:Enabled:ipsec -- ()

:Files
D:\Documents and Settings\Guzo\Ustawienia lokalne\temp\winxgti.exe
D:\DOCUME~1\Guzo\USTAWI~1\Temp\*.exe
autorun.inf /alldrives

:Services
amsint32

Kliknij wykonaj skrypt. Daj log z usuwania.

Zaktualizuj:
IE do wersji 8
Flash Player do 13
Gadu-Gadu
Firefox do 13.0.1
zainstaluj wszystkie poprawki

OTL był uruchomiony aż cztery razy.
Daj log z Combofixa (został poprzednio użyty, daj ten stary log)

Przeskanuj te pliki na Virustotal.com i daj link:
D:\fljuly.pif
D:\WINDOWS\System32\FlashPlayerApp.exe
D:\WINDOWS\System32\zllictbl.dat

Wykonaj skan Malwarebytes'' Anti-Malware i wrzuć raport.

[zord]

zllictbl.dat to od zonealarm

[Flash999]

Czyli pozostaje skan tylko tych dwóch plików.

Dzięki zord.

[tachion]

Hmm a tutaj podobne do infekcji jakie powoduje sality

[Guzo]

Kod:

========== PROCESSES ==========
All processes killed
No active process named :OTL was found!
No active process named windwda.exe:*:Enabled:ipsec was found!
No active process named winqyrowd.exe:*:Enabled:ipsec was found!
No active process named uldart.exe:*:Enabled:ipsec was found!
No active process named ubsxm.exe:*:Enabled:ipsec was found!
No active process named nmaui.exe:*:Enabled:ipsec was found!
No active process named hcvxgg.exe:*:Enabled:ipsec was found!
No active process named uvimvb.exe:*:Enabled:ipsec was found!
No active process named wingwman.exe:*:Enabled:ipsec was found!
No active process named winkhfsyr.exe:*:Enabled:ipsec was found!
No active process named fbdsls.exe:*:Enabled:ipsec was found!
No active process named winmhxwk.exe:*:Enabled:ipsec was found!
No active process named pfhye.exe:*:Enabled:ipsec was found!
No active process named winxxjfw.exe:*:Enabled:ipsec was found!
No active process named mcjtf.exe:*:Enabled:ipsec was found!
No active process named cjjx.exe:*:Enabled:ipsec was found!
No active process named winalweof.exe:*:Enabled:ipsec was found!
No active process named winwsyjee.exe:*:Enabled:ipsec was found!
No active process named hyxj.exe:*:Enabled:ipsec was found!
No active process named winxrwm.exe:*:Enabled:ipsec was found!
No active process named winwadw.exe:*:Enabled:ipsec was found!
No active process named byxbet.exe:*:Enabled:ipsec was found!
No active process named winxujly.exe:*:Enabled:ipsec was found!
No active process named winghmwsh.exe:*:Enabled:ipsec was found!
No active process named wckcu.exe:*:Enabled:ipsec was found!
No active process named bpnc.exe:*:Enabled:ipsec was found!
No active process named slqstv.exe:*:Enabled:ipsec was found!
No active process named winnyyi.exe:*:Enabled:ipsec was found!
No active process named laxe.exe:*:Enabled:ipsec was found!
No active process named ixfjn.exe:*:Enabled:ipsec was found!
No active process named winaudurq.exe:*:Enabled:ipsec was found!
No active process named winqaopj.exe:*:Enabled:ipsec was found!
No active process named winalmanc.exe:*:Enabled:ipsec was found!
No active process named qrggaj.exe:*:Enabled:ipsec was found!
No active process named xtqibs.exe:*:Enabled:ipsec was found!
No active process named ktwocx.exe:*:Enabled:ipsec was found!
No active process named rbct.exe:*:Enabled:ipsec was found!
No active process named unga.exe:*:Enabled:ipsec was found!
No active process named wintdgea.exe:*:Enabled:ipsec was found!
No active process named svqm.exe:*:Enabled:ipsec was found!
No active process named kqqxt.exe:*:Enabled:ipsec was found!
No active process named nohh.exe:*:Enabled:ipsec was found!
No active process named winckqh.exe:*:Enabled:ipsec was found!
No active process named mlxbby.exe:*:Enabled:ipsec was found!
No active process named lxfqrr.exe:*:Enabled:ipsec was found!
No active process named tfihfc.exe:*:Enabled:ipsec was found!
No active process named winjnyai.exe:*:Enabled:ipsec was found!
No active process named winsxte.exe:*:Enabled:ipsec was found!
No active process named winthyou.exe:*:Enabled:ipsec was found!
No active process named winwikf.exe:*:Enabled:ipsec was found!
No active process named qvtqna.exe:*:Enabled:ipsec was found!
No active process named wingulp.exe:*:Enabled:ipsec was found!
No active process named wmbapo.exe:*:Enabled:ipsec was found!
No active process named wincjhpw.exe:*:Enabled:ipsec was found!
No active process named yrfum.exe:*:Enabled:ipsec was found!
No active process named winjyki.exe:*:Enabled:ipsec was found!
No active process named windmstp.exe:*:Enabled:ipsec was found!
No active process named fiypft.exe:*:Enabled:ipsec was found!
No active process named tyqxfn.exe:*:Enabled:ipsec was found!
No active process named windbss.exe:*:Enabled:ipsec was found!
No active process named winmfofq.exe:*:Enabled:ipsec was found!
No active process named winlpjre.exe:*:Enabled:ipsec was found!
No active process named winbgmt.exe:*:Enabled:ipsec was found!
No active process named puqydh.exe:*:Enabled:ipsec was found!
No active process named winsbcrtl.exe:*:Enabled:ipsec was found!
No active process named cbkj.exe:*:Enabled:ipsec was found!
No active process named lkvqq.exe:*:Enabled:ipsec was found!
No active process named nwfws.exe:*:Enabled:ipsec was found!
No active process named windcpygp.exe:*:Enabled:ipsec was found!
No active process named pidkl.exe:*:Enabled:ipsec was found!
No active process named bsmrem.exe:*:Enabled:ipsec was found!
No active process named winnqwil.exe:*:Enabled:ipsec was found!
No active process named vsfuob.exe:*:Enabled:ipsec was found!
No active process named winteknlh.exe:*:Enabled:ipsec was found!
No active process named itbs.exe:*:Enabled:ipsec was found!
No active process named qsfp.exe:*:Enabled:ipsec was found!
No active process named fxoag.exe:*:Enabled:ipsec was found!
No active process named qxlo.exe:*:Enabled:ipsec was found!
No active process named pmjp.exe:*:Enabled:ipsec was found!
No active process named winlysc.exe:*:Enabled:ipsec was found!
No active process named winljgn.exe:*:Enabled:ipsec was found!
No active process named winsxktos.exe:*:Enabled:ipsec was found!
No active process named winnuca.exe:*:Enabled:ipsec was found!
No active process named rhffs.exe:*:Enabled:ipsec was found!
No active process named winqfmitc.exe:*:Enabled:ipsec was found!
No active process named winvkuhnk.exe:*:Enabled:ipsec was found!
No active process named winiehokb.exe:*:Enabled:ipsec was found!
No active process named winyebvkl.exe:*:Enabled:ipsec was found!
No active process named winhsiqon.exe:*:Enabled:ipsec was found!
No active process named fawf.exe:*:Enabled:ipsec was found!
No active process named windwmyd.exe:*:Enabled:ipsec was found!
No active process named sfvl.exe:*:Enabled:ipsec was found!
No active process named wintmmjfh.exe:*:Enabled:ipsec was found!
No active process named yodll.exe:*:Enabled:ipsec was found!
No active process named hkjehx.exe:*:Enabled:ipsec was found!
No active process named winesghdh.exe:*:Enabled:ipsec was found!
No active process named winabyej.exe:*:Enabled:ipsec was found!
No active process named xoxs.exe:*:Enabled:ipsec was found!
No active process named windhrn.exe:*:Enabled:ipsec was found!
No active process named winubmdn.exe:*:Enabled:ipsec was found!
No active process named winkpvbt.exe:*:Enabled:ipsec was found!
No active process named iwcwjp.exe:*:Enabled:ipsec was found!
No active process named winaqhtvu.exe:*:Enabled:ipsec was found!
No active process named jans.exe:*:Enabled:ipsec was found!
No active process named winurou.exe:*:Enabled:ipsec was found!
No active process named ejfkx.exe:*:Enabled:ipsec was found!
No active process named sqdg.exe:*:Enabled:ipsec was found!
No active process named ijjyk.exe:*:Enabled:ipsec was found!
No active process named dlcxfw.exe:*:Enabled:ipsec was found!
No active process named winyhtyos.exe:*:Enabled:ipsec was found!
No active process named winxqoss.exe:*:Enabled:ipsec was found!
No active process named winoexl.exe:*:Enabled:ipsec was found!
No active process named gqrpf.exe:*:Enabled:ipsec was found!
No active process named winvobtra.exe:*:Enabled:ipsec was found!
No active process named podrah.exe:*:Enabled:ipsec was found!
No active process named qbsbd.exe:*:Enabled:ipsec was found!
No active process named winrlbdl.exe:*:Enabled:ipsec was found!
No active process named nngy.exe:*:Enabled:ipsec was found!
No active process named qibbq.exe:*:Enabled:ipsec was found!
No active process named dsvy.exe:*:Enabled:ipsec was found!
No active process named winatewp.exe:*:Enabled:ipsec was found!
No active process named wincass.exe:*:Enabled:ipsec was found!
No active process named winaavo.exe:*:Enabled:ipsec was found!
No active process named winohgnfb.exe:*:Enabled:ipsec was found!
No active process named bhcj.exe:*:Enabled:ipsec was found!
No active process named winjttks.exe:*:Enabled:ipsec was found!
No active process named winnnlfe.exe:*:Enabled:ipsec was found!
No active process named winfrlo.exe:*:Enabled:ipsec was found!
No active process named vrjmqx.exe:*:Enabled:ipsec was found!
No active process named ryue.exe:*:Enabled:ipsec was found!
No active process named winodpst.exe:*:Enabled:ipsec was found!
No active process named winpwhp.exe:*:Enabled:ipsec was found!
No active process named winmaqr.exe:*:Enabled:ipsec was found!
No active process named winllgya.exe:*:Enabled:ipsec was found!
No active process named winchtcih.exe:*:Enabled:ipsec was found!
No active process named winyjpg.exe:*:Enabled:ipsec was found!
No active process named claa.exe:*:Enabled:ipsec was found!
No active process named lcwf.exe:*:Enabled:ipsec was found!
No active process named winssdv.exe:*:Enabled:ipsec was found!
No active process named winrkkiq.exe:*:Enabled:ipsec was found!
No active process named winimrm.exe:*:Enabled:ipsec was found!
No active process named winawvbss.exe:*:Enabled:ipsec was found!
No active process named winkuoa.exe:*:Enabled:ipsec was found!
No active process named rfqt.exe:*:Enabled:ipsec was found!
No active process named wyar.exe:*:Enabled:ipsec was found!
No active process named xkoes.exe:*:Enabled:ipsec was found!
No active process named winujmmxe.exe:*:Enabled:ipsec was found!
No active process named jboy.exe:*:Enabled:ipsec was found!
No active process named winygud.exe:*:Enabled:ipsec was found!
No active process named winafqwkk.exe:*:Enabled:ipsec was found!
No active process named winjkua.exe:*:Enabled:ipsec was found!
No active process named windjchkt.exe:*:Enabled:ipsec was found!
No active process named winvvrqio.exe:*:Enabled:ipsec was found!
No active process named winectk.exe:*:Enabled:ipsec was found!
No active process named irsvdy.exe:*:Enabled:ipsec was found!
No active process named jksel.exe:*:Enabled:ipsec was found!
No active process named winmympdp.exe:*:Enabled:ipsec was found!
No active process named winrends.exe:*:Enabled:ipsec was found!
No active process named winwipndg.exe:*:Enabled:ipsec was found!
No active process named wintqktee.exe:*:Enabled:ipsec was found!
No active process named winljfs.exe:*:Enabled:ipsec was found!
No active process named bxxqus.exe:*:Enabled:ipsec was found!
No active process named winvgcit.exe:*:Enabled:ipsec was found!
No active process named winilcvab.exe:*:Enabled:ipsec was found!
No active process named ejqdhl.exe:*:Enabled:ipsec was found!
No active process named oagdv.exe:*:Enabled:ipsec was found!
No active process named winatihmm.exe:*:Enabled:ipsec was found!
No active process named windtjuo.exe:*:Enabled:ipsec was found!
No active process named winajri.exe:*:Enabled:ipsec was found!
No active process named lidkx.exe:*:Enabled:ipsec was found!
No active process named jmege.exe:*:Enabled:ipsec was found!
No active process named winiitutg.exe:*:Enabled:ipsec was found!
No active process named ovkr.exe:*:Enabled:ipsec was found!
No active process named winvnlnf.exe:*:Enabled:ipsec was found!
No active process named wingxnt.exe:*:Enabled:ipsec was found!
No active process named cvxnxx.exe:*:Enabled:ipsec was found!
No active process named winfdulsp.exe:*:Enabled:ipsec was found!
No active process named wlbh.exe:*:Enabled:ipsec was found!
No active process named winpdwu.exe:*:Enabled:ipsec was found!
No active process named winhimy.exe:*:Enabled:ipsec was found!
No active process named winxoss.exe:*:Enabled:ipsec was found!
No active process named wuwvx.exe:*:Enabled:ipsec was found!
No active process named winqeiio.exe:*:Enabled:ipsec was found!
No active process named wintswak.exe:*:Enabled:ipsec was found!
No active process named winuqynwl.exe:*:Enabled:ipsec was found!
No active process named winpbto.exe:*:Enabled:ipsec was found!
No active process named winbomtae.exe:*:Enabled:ipsec was found!
No active process named jjho.exe:*:Enabled:ipsec was found!
No active process named winmjlkb.exe:*:Enabled:ipsec was found!
No active process named vmvoo.exe:*:Enabled:ipsec was found!
No active process named winglvy.exe:*:Enabled:ipsec was found!
No active process named rtsuuw.exe:*:Enabled:ipsec was found!
No active process named wyqx.exe:*:Enabled:ipsec was found!
No active process named windvli.exe:*:Enabled:ipsec was found!
No active process named winegytt.exe:*:Enabled:ipsec was found!
No active process named winhwdti.exe:*:Enabled:ipsec was found!
No active process named winanvqx.exe:*:Enabled:ipsec was found!
No active process named xpjig.exe:*:Enabled:ipsec was found!
No active process named winuomm.exe:*:Enabled:ipsec was found!
No active process named vjklu.exe:*:Enabled:ipsec was found!
No active process named winnpdlg.exe:*:Enabled:ipsec was found!
No active process named bwsjfs.exe:*:Enabled:ipsec was found!
No active process named windgbmy.exe:*:Enabled:ipsec was found!
No active process named oimido.exe:*:Enabled:ipsec was found!
No active process named winyvhjxn.exe:*:Enabled:ipsec was found!
No active process named wingxai.exe:*:Enabled:ipsec was found!
No active process named winmjqhq.exe:*:Enabled:ipsec was found!
No active process named winwmwjv.exe:*:Enabled:ipsec was found!
No active process named mert.exe:*:Enabled:ipsec was found!
No active process named winofemj.exe:*:Enabled:ipsec was found!
No active process named winyjbtb.exe:*:Enabled:ipsec was found!
No active process named aqyym.exe:*:Enabled:ipsec was found!
No active process named winmkyl.exe:*:Enabled:ipsec was found!
No active process named yqgq.exe:*:Enabled:ipsec was found!
No active process named qjvb.exe:*:Enabled:ipsec was found!
No active process named winpcgj.exe:*:Enabled:ipsec was found!
No active process named nuugmw.exe:*:Enabled:ipsec was found!
No active process named hvcjil.exe:*:Enabled:ipsec was found!
No active process named obigw.exe:*:Enabled:ipsec was found!
No active process named winxjgnji.exe:*:Enabled:ipsec was found!
No active process named yqwb.exe:*:Enabled:ipsec was found!
No active process named winggvhml.exe:*:Enabled:ipsec was found!
No active process named depsui.exe:*:Enabled:ipsec was found!
No active process named wingrfftd.exe:*:Enabled:ipsec was found!
No active process named ofmbi.exe:*:Enabled:ipsec was found!
No active process named winflis.exe:*:Enabled:ipsec was found!
No active process named winagvpd.exe:*:Enabled:ipsec was found!
No active process named aqyo.exe:*:Enabled:ipsec was found!
No active process named fjvc.exe:*:Enabled:ipsec was found!
No active process named wintwyom.exe:*:Enabled:ipsec was found!
No active process named wdpnoi.exe:*:Enabled:ipsec was found!
No active process named mcqlpe.exe:*:Enabled:ipsec was found!
No active process named winohwnxi.exe:*:Enabled:ipsec was found!
No active process named winpalgee.exe:*:Enabled:ipsec was found!
No active process named winiakf.exe:*:Enabled:ipsec was found!
No active process named cains.exe:*:Enabled:ipsec was found!
No active process named ugrh.exe:*:Enabled:ipsec was found!
No active process named tbvaml.exe:*:Enabled:ipsec was found!
No active process named winyxxlm.exe:*:Enabled:ipsec was found!
No active process named cyvk.exe:*:Enabled:ipsec was found!
No active process named wbjwdc.exe:*:Enabled:ipsec was found!
No active process named rfohq.exe:*:Enabled:ipsec was found!
No active process named wtsxwo.exe:*:Enabled:ipsec was found!
No active process named pyqroa.exe:*:Enabled:ipsec was found!
No active process named cnixt.exe:*:Enabled:ipsec was found!
No active process named kyxf.exe:*:Enabled:ipsec was found!
No active process named ocpnl.exe:*:Enabled:ipsec was found!
No active process named lxjy.exe:*:Enabled:ipsec was found!
No active process named winnbqdyw.exe:*:Enabled:ipsec was found!
No active process named sykvg.exe:*:Enabled:ipsec was found!
No active process named winuqyep.exe:*:Enabled:ipsec was found!
No active process named windxovv.exe:*:Enabled:ipsec was found!
No active process named winsjkut.exe:*:Enabled:ipsec was found!
No active process named wintsxurs.exe:*:Enabled:ipsec was found!
No active process named winbeqpw.exe:*:Enabled:ipsec was found!
No active process named sjio.exe:*:Enabled:ipsec was found!
No active process named pwdp.exe:*:Enabled:ipsec was found!
No active process named eume.exe:*:Enabled:ipsec was found!
No active process named fjkn.exe:*:Enabled:ipsec was found!
No active process named winxqeho.exe:*:Enabled:ipsec was found!
No active process named jkmrn.exe:*:Enabled:ipsec was found!
No active process named scpus.exe:*:Enabled:ipsec was found!
No active process named rjuje.exe:*:Enabled:ipsec was found!
No active process named winhbwd.exe:*:Enabled:ipsec was found!
No active process named pqpt.exe:*:Enabled:ipsec was found!
No active process named meqyur.exe:*:Enabled:ipsec was found!
No active process named winaiibry.exe:*:Enabled:ipsec was found!
No active process named qvbks.exe:*:Enabled:ipsec was found!
No active process named vjmnv.exe:*:Enabled:ipsec was found!
No active process named fitn.exe:*:Enabled:ipsec was found!
No active process named kvlnar.exe:*:Enabled:ipsec was found!
No active process named bovxm.exe:*:Enabled:ipsec was found!
No active process named winvxqcp.exe:*:Enabled:ipsec was found!
No active process named ulljt.exe:*:Enabled:ipsec was found!
No active process named winspgkk.exe:*:Enabled:ipsec was found!
No active process named winubueb.exe:*:Enabled:ipsec was found!
No active process named winqnqjs.exe:*:Enabled:ipsec was found!
No active process named dkkb.exe:*:Enabled:ipsec was found!
No active process named winhmumu.exe:*:Enabled:ipsec was found!
No active process named winwdlbt.exe:*:Enabled:ipsec was found!
No active process named scdd.exe:*:Enabled:ipsec was found!
No active process named winyxusl.exe:*:Enabled:ipsec was found!
No active process named winpaib.exe:*:Enabled:ipsec was found!
No active process named hadmn.exe:*:Enabled:ipsec was found!
No active process named naxsxg.exe:*:Enabled:ipsec was found!
No active process named winpmst.exe:*:Enabled:ipsec was found!
No active process named winjneb.exe:*:Enabled:ipsec was found!
No active process named vhineb.exe:*:Enabled:ipsec was found!
No active process named nqco.exe:*:Enabled:ipsec was found!
No active process named winkjayk.exe:*:Enabled:ipsec was found!
No active process named winycbgso.exe:*:Enabled:ipsec was found!
No active process named winludrn.exe:*:Enabled:ipsec was found!
No active process named winsavjgb.exe:*:Enabled:ipsec was found!
No active process named winiipk.exe:*:Enabled:ipsec was found!
No active process named iyyvtl.exe:*:Enabled:ipsec was found!
No active process named pwvkt.exe:*:Enabled:ipsec was found!
No active process named winjsai.exe:*:Enabled:ipsec was found!
No active process named winlktcx.exe:*:Enabled:ipsec was found!
No active process named wintgkwd.exe:*:Enabled:ipsec was found!
No active process named hseqi.exe:*:Enabled:ipsec was found!
No active process named tnhmwe.exe:*:Enabled:ipsec was found!
No active process named winbqgpe.exe:*:Enabled:ipsec was found!
No active process named wglb.exe:*:Enabled:ipsec was found!
No active process named winoxpo.exe:*:Enabled:ipsec was found!
No active process named pjgvx.exe:*:Enabled:ipsec was found!
No active process named windfdkk.exe:*:Enabled:ipsec was found!
No active process named wingvfvyv.exe:*:Enabled:ipsec was found!
No active process named xkeq.exe:*:Enabled:ipsec was found!
No active process named winfwgtm.exe:*:Enabled:ipsec was found!
No active process named fuyk.exe:*:Enabled:ipsec was found!
No active process named kshj.exe:*:Enabled:ipsec was found!
No active process named winayscg.exe:*:Enabled:ipsec was found!
No active process named winkjjfa.exe:*:Enabled:ipsec was found!
No active process named wineiudj.exe:*:Enabled:ipsec was found!
No active process named winupjc.exe:*:Enabled:ipsec was found!
No active process named ayjo.exe:*:Enabled:ipsec was found!
No active process named ylqb.exe:*:Enabled:ipsec was found!
No active process named gilakg.exe:*:Enabled:ipsec was found!
No active process named winjfduv.exe:*:Enabled:ipsec was found!
No active process named yvhys.exe:*:Enabled:ipsec was found!
No active process named winioaeyp.exe:*:Enabled:ipsec was found!
No active process named sevdyw.exe:*:Enabled:ipsec was found!
No active process named winfirrot.exe:*:Enabled:ipsec was found!
No active process named wintbwm.exe:*:Enabled:ipsec was found!
No active process named wincrybss.exe:*:Enabled:ipsec was found!
No active process named ejgaf.exe:*:Enabled:ipsec was found!
No active process named ragqd.exe:*:Enabled:ipsec was found!
No active process named xfcn.exe:*:Enabled:ipsec was found!
No active process named cthrwd.exe:*:Enabled:ipsec was found!
No active process named winyflhos.exe:*:Enabled:ipsec was found!
No active process named wintupau.exe:*:Enabled:ipsec was found!
No active process named winpfdih.exe:*:Enabled:ipsec was found!
No active process named winswqcur.exe:*:Enabled:ipsec was found!
No active process named xqio.exe:*:Enabled:ipsec was found!
No active process named winaerjqm.exe:*:Enabled:ipsec was found!
No active process named winxgti.exe:*:Enabled:ipsec -- was found!
No active process named :Files was found!
No active process named winxgti.exe was found!
No active process named *.exe was found!
No active process named autorun.inf /alldrives was found!
No active process named :Services was found!
No active process named amsint32 was found!

OTL by OldTimer - Version 3.2.48.0 log created on 06232012_223444

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

IE nie używam
gg mi nie odpowiada, to nowe
firefox jeżeli nie jest to konieczne wolałbym nie

combolog

Kod:

ComboFix 12-06-09.02 - Guzo 2012-06-10 0:39.1.2 - x86
Microsoft Windows XP Professional5.1.2600.3.1250.48.1045.18.2046.1679 [GMT 2:00]
Uruchomiony z: d:\documents and settings\Guzo\Pulpit\ComboFix.exe
FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Utworzono nowy punkt przywracania
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
D:\autorun.inf
d:\documents and settings\Guzo\Ustawienia lokalne\Dane aplikacji\unins000.exe
d:\program files\codec
d:\program files\codec\AC3Filter\ac3filter.ax
d:\program files\codec\AC3Filter\ac3filter_eng.html
d:\program files\codec\AC3Filter\dialog_patch.exe
d:\program files\codec\AC3Filter\gpl_eng.txt
d:\program files\codec\AC3Filter\Pic\email.gif
d:\program files\codec\AC3Filter\Pic\equalizer.gif
d:\program files\codec\AC3Filter\Pic\filters.gif
d:\program files\codec\AC3Filter\Pic\flag_eng.gif
d:\program files\codec\AC3Filter\Pic\flag_ita.gif
d:\program files\codec\AC3Filter\Pic\flag_rus.gif
d:\program files\codec\AC3Filter\Pic\main.gif
d:\program files\codec\AC3Filter\Pic\mixer.gif
d:\program files\codec\AC3Filter\Pic\preset.gif
d:\program files\codec\AC3Filter\Pic\system.gif
d:\program files\codec\AC3Filter\readme.txt
d:\program files\codec\Divx5\config.exe
d:\program files\codec\history.txt
d:\program files\codec\readme.txt
d:\program files\codec\Uninstall\unins000.dat
d:\program files\codec\Uninstall\unins000.exe
d:\program files\codec\XviD\AviC.exe
d:\program files\codec\XviD\gpl.txt
d:\program files\codec\XviD\MiniCalc.exe
d:\program files\codec\XviD\MiniCalc.txt
d:\program files\codec\XviD\ReadMe.txt
d:\program files\codec\XviD\UninstXviD.exe
d:\program files\codec\XviD\XviD.ico
d:\program files\update.exe
d:\windows\daemon.dll
d:\windows\iun6002.exe
d:\windows\pkunzip.pif
d:\windows\pkzip.pif
d:\windows\system32\dllcache\dlimport.exe
d:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_PLUGPLAYCM
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-05-09 do 2012-06-09)))))))))))))))))))))))))))))))
.
.
2012-06-05 23:03 . 2012-06-05 23:03    103140    ----a-w-    D:\xgnrcu.exe
2012-06-05 20:20 . 2012-06-05 20:20    --------    d-----w-    D:\CCE_Quarantine
2012-06-03 14:30 . 2010-08-29 00:53    69120    ----a-w-    d:\windows\system32\zlcomm.dll
2012-06-03 14:30 . 2010-08-29 00:53    103936    ----a-w-    d:\windows\system32\zlcommdb.dll
2012-06-03 12:59 . 2012-06-03 12:59    159608    ----a-w-    d:\windows\system32\mfevtps.exe.24d0.deleteme
2012-06-03 12:58 . 2012-06-03 12:58    159608    ----a-w-    d:\windows\system32\mfevtps.exe.ebd4.deleteme
2012-06-03 11:25 . 2012-06-03 11:25    159608    ----a-w-    d:\windows\system32\mfevtps.exe.5b4c.deleteme
2012-06-03 11:24 . 2012-06-03 11:24    14664    ----a-w-    d:\windows\stinger.sys
2012-06-03 11:24 . 2012-06-03 11:22    159608    ----a-w-    d:\windows\system32\mfevtps.exe.502e.deleteme
2012-06-03 11:21 . 2012-06-03 14:14    --------    d-----w-    d:\program files\stinger
2012-05-15 22:15 . 2012-05-15 22:15    --------    d-----w-    d:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 22:46 . 2012-06-09 22:46    103140    --sh--r-    D:\jgeyti.pif
2012-05-18 18:44 . 2012-03-29 11:18    419488    ----a-w-    d:\windows\system32\FlashPlayerApp.exe
2012-05-18 18:44 . 2011-10-09 14:51    70304    ----a-w-    d:\windows\system32\FlashPlayerCPLApp.cpl
2008-02-14 12:23 . 2008-02-14 12:23    305672    ----a-w-    d:\program files\gwflash.exe
2007-09-21 17:42 . 2007-09-21 17:42    19008    ----a-w-    d:\program files\markfun.a64
2007-08-21 17:49 . 2007-08-21 17:49    125504    ----a-w-    d:\program files\MarkFunDrv.dll
2007-08-21 17:49 . 2007-08-21 17:49    17912    ----a-w-    d:\program files\markfun.w32
2007-03-02 02:48 . 2007-03-02 02:48    318272    ----a-w-    d:\program files\gwf32.exe
2006-11-23 21:47 . 2006-11-23 21:47    285504    ----a-w-    d:\program files\BIOS_Run.exe
2006-11-23 21:40 . 2006-11-23 21:40    60224    ----a-w-    d:\program files\HUADRV.DLL
2005-04-27 17:40 . 2005-04-27 17:40    6800    ----a-w-    d:\program files\W95_HUA.vxd
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 569344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"nwiz"="d:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"ZoneAlarm Client"="d:\program files\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\G A M E S\\Steam\\SteamApps\\fcguz\\counter-strike\\hl.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\G A M E S\\LineAge II\\system\\L2.exe"=
"d:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"d:\\Program Files\\CCleaner\\CCleaner.exe"=
"d:\\Program Files\\RocketDock\\RocketDock.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"d:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11\\MSOXMLED.EXE"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\WINDOWS\\system32\\devldr32.exe"=
.
R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [2011-10-09 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [2011-10-09 5248]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-05 2348352]
S3 DrvAgent32;DrvAgent32;d:\windows\system32\drivers\DrvAgent32.sys [2011-10-14 23456]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - WS2IFSL
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Guzo\Dane aplikacji\Mozilla\Firefox\Profiles\ye5pp5ug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.o2.pl
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 62.142.57.72
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 62.142.57.72
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.socks - 62.142.57.72
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 62.142.57.72
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Easy DragToGo: {21cfaec0-dbb3-11dc-95ff-0800200c9a66} - %profile%\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: MinimizeToTray: {3502a070-ea2f-11dd-ba2f-0800200c9a66} - %profile%\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DriverAgentPlugin for Firefox and Opera: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5} - %profile%\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
FF - Ext: Java Quick Starter: [email protected] - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - d:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Codec_is1 - d:\program files\Codec\Uninstall\unins000.exe
AddRemove-Cool''s_Codec_pack_4.12 - d:\windows\iun6002.exe
AddRemove-XviD - d:\program files\Codec\XviD\UninstXviD.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - d:\documents and settings\Guzo\Ustawienia lokalne\Dane aplikacji\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 00:45
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
d:\docume~1\Guzo\USTAWI~1\Temp\MPC2.tmp 8728 bytes
d:\docume~1\Guzo\USTAWI~1\Temp\~DFBB37.tmp 16384 bytes
d:\docume~1\Guzo\USTAWI~1\Temp\~DFBB8D.tmp 512 bytes
.
skanowanie pomyślnie ukończone
ukryte pliki: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > ''explorer.exe''(3000)
d:\program files\RocketDock\RocketDock.dll
d:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\RunDLL32.exe
d:\windows\system32\devldr32.exe
d:\windows\system32\nvsvc32.exe
d:\docume~1\Guzo\USTAWI~1\Temp\winpnnhba.exe
.
**************************************************************************
.
Czas ukończenia: 2012-06-1000:48:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt2012-06-09 22:48
.
Przed: 17 720 123 392 bajtów wolnych
Po: 17 597 743 104 bajtów wolnych
.
- - End Of File - - BD1D5F87BF2E1A708FB519DC93C2D097

virustotal.com mi się nie wyświetla

Kod:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Wersja bazy: v2012.06.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Guzo :: DOM-QBNA21V2VVJ [administrator]

2012-06-23 22:52:47
mbam-log-2012-06-24.txt

Typ skanowania: Pełne skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 285517
Upłynęło: 1 godzin(y), 28 minut(y), 38 sekund(y)

Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Nie wykonano akcji.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Nie wykonano akcji.

Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Złe: (1) Dobre: (0) -> Nie wykonano akcji.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Złe: (1) Dobre: (0) -> Nie wykonano akcji.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Złe: (1) Dobre: (0) -> Nie wykonano akcji.

wykrytych folderów: 0
(Nie znaleziono zagrożeń)

Wykrytych plików: 14
D:\Documents and Settings\Guzo\Ustawienia lokalne\temp\winvxtc.exe (Backdoor.Agent.H) -> Nie wykonano akcji.
C:\pbmx.exe (Malware.Packer.Gen) -> Nie wykonano akcji.
C:\pliki\crimsonland\Crimsonland198.exe (Trojan.Bancos) -> Nie wykonano akcji.
C:\pliki\Diablo II\d2_keygenerator.exe (RiskWare.Tool.CK) -> Nie wykonano akcji.
C:\pliki\LAII\systemy\pro\system\GameGuard.des (Trojan.Agent) -> Nie wykonano akcji.
C:\pliki\LAII\systemy\ru\system\GameGuard.des (Trojan.Agent) -> Nie wykonano akcji.
C:\ster\Kyodai Mahjongg.exe (Trojan.StartPage) -> Nie wykonano akcji.
C:\ster - moje\za\Keygen.exe (Riskware.Tool.CK) -> Nie wykonano akcji.
C:\System Volume Information\_restore{B5550518-DB6F-48E3-A784-6617CCB968B1}\RP2\A0000147.exe (RiskWare.Tool.CK) -> Nie wykonano akcji.
C:\G A M E S\LineAge II\system\GameGuard.des (Trojan.Agent) -> Nie wykonano akcji.
C:\G A M E S\LineAge II\system2\GameGuard.des (Trojan.Agent) -> Nie wykonano akcji.
D:\fljuly.pif (Malware.Packer.Gen) -> Nie wykonano akcji.
D:\CCE_Quarantine\{8F31AA60-5351-4B7B-AA46-4AD80659E559} (Backdoor.IRCBot) -> Nie wykonano akcji.
D:\Program Files\NoAdware5.0\nutils.dll (Rogue.Agent) -> Nie wykonano akcji.

(zakończone)

[Flash999]

Usuń to, co wykrył MBAM.
Skrypt w OTL się nie wykonał , jednak zostawmy to na potem.
Nie ma co, trzeba leczyć - mamy Sality.

Tutaj masz napisane co robić:

[Aby zobaczyć linki, zarejestruj się tutaj]

[Guzo]

dzięki
wykonuję, gdyby format był możliwy już dawno bym to poczynił

[Flash999]

Pozostaje leczenie, przydatny może być Sality Killer i rmsality.exe od AVG.

[tommyklab]

IE nie używam

Nie szkodzi, że nie używasz; IE jest składnikiem systemu i ma być, a raczej powinien być uaktualniony do najnowszego łącznie z wszystkimi krytycznymi łatkami dla systemu (ważnymi).

[Guzo]

odnośnie ie przyjąłem
sality chyba usunięty, jeszcze kilka scanów machne