
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:11, on 2008-10-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Radek\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: Winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{59D5FC43-74AD-4A04-994E-D2EDF2E6FFEE}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7704 bytes
ComboFix
ComboFix 08-10-16.08 - Radek 2008-10-17 20:11:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.60 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Radek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-18 do 2008-10-18 )))))))))))))))))))))))))))))))
.
2008-10-17 19:32 . 2008-10-16 12:17 <DIR> d-------- C:\SDFix
2008-10-17 08:07 . 2008-10-17 08:07 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Teleca
2008-10-16 19:43 . 2008-10-16 19:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:39 . 2008-10-16 19:39 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Sony Ericsson
2008-10-16 19:38 . 2008-10-16 19:38 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-16 19:38 . 2008-10-16 19:43 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-10-16 19:38 . 2008-10-16 19:38 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-16 19:33 . 2008-10-16 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-10-16 19:33 . 2008-10-16 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-15 19:39 . 2008-10-15 19:39 <DIR> d-------- C:\Program Files\KotOR2-PL
2008-10-13 17:52 . 2008-10-13 17:52 <DIR> d-------- C:\Program Files\Windows Live
2008-10-13 15:11 . 2008-10-13 15:11 <DIR> d-------- C:\WINDOWS\Sun
2008-10-12 17:25 . 2008-10-12 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-10-12 17:22 . 2008-10-12 17:22 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-12 17:17 . 2005-03-08 06:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-12 17:17 . 2005-03-08 06:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-12 17:16 . 2005-03-08 06:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-12 17:16 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-12 17:16 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-12 17:14 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-10-12 17:14 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-10-12 17:14 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-10-12 17:14 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-10-12 17:14 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-10-12 17:14 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-10-12 17:12 . 2008-10-12 17:25 <DIR> d-------- C:\Program Files\HP
2008-10-12 17:11 . 2008-10-09 19:51 113,073 --------- C:\WINDOWS\hpoins07.dat.temp
2008-10-12 17:11 . 2005-05-24 10:22 21,124 --------- C:\WINDOWS\hpomdl07.dat.temp
2008-10-12 16:50 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-12 16:50 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-12 16:50 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-12 16:50 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-11 19:14 . 2008-10-11 19:14 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Nero
2008-10-11 19:03 . 2008-10-11 19:03 <DIR> d-------- C:\Program Files\Nero
2008-10-11 19:03 . 2008-10-11 19:08 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-11 19:03 . 2008-10-11 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-10-11 18:18 . 2008-10-11 18:23 <DIR> d-------- C:\Program Files\SubDownloader2
2008-10-11 17:59 . 2008-10-11 17:59 <DIR> d-------- C:\Program Files\ALLPlayer
2008-10-11 17:49 . 2008-10-11 18:21 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-10-11 15:06 . 2008-10-11 15:06 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Gadu-Gadu
2008-10-11 14:24 . 2008-10-11 14:27 <DIR> d-------- C:\Documents and Settings\Radek\Gadu-Gadu
2008-10-10 22:16 . 2008-10-10 22:16 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-09 19:19 . 2008-10-09 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2008-10-09 19:16 . 2008-10-12 17:25 <DIR> d-------- C:\Program Files\Common Files\HP
2008-10-09 19:02 . 2008-10-09 19:02 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-09 18:47 . 2008-10-09 18:47 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\HP
2008-10-09 18:47 . 2008-10-14 19:00 113,574 --a------ C:\WINDOWS\hpoins07.dat
2008-10-09 18:47 . 2005-05-24 10:22 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-10-07 17:58 . 2008-10-13 16:00 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\skypePM
2008-10-07 17:58 . 2008-10-07 17:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-07 17:52 . 2008-10-07 17:52 <DIR> d-------- C:\Program Files\Skype
2008-10-07 17:52 . 2008-10-07 17:52 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-07 17:52 . 2008-10-13 17:29 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Skype
2008-10-07 17:52 . 2008-10-07 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-05 17:28 . 2008-10-15 20:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-10-04 14:29 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-10-04 14:25 . 2008-10-04 14:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-04 14:23 . 2008-10-04 14:23 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-04 14:20 . 2008-10-08 17:19 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-04 14:18 . 2008-10-04 14:24 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-10-04 14:18 . 2008-10-13 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-10-04 14:17 . 2008-10-04 14:17 <DIR> dr-h----- C:\MSOCache
2008-10-04 10:55 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-03 22:59 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-03 20:57 . 2008-10-03 20:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-10-03 20:57 . 2008-10-03 20:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-10-03 20:57 . 2008-10-04 14:25 <DIR> d-------- C:\Program Files\MSBuild
2008-10-03 20:54 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-10-03 20:54 . 2008-07-06 14:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-10-03 20:54 . 2008-07-06 12:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-10-03 20:54 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-10-03 20:54 . 2008-07-06 14:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-10-03 20:54 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-10-03 20:54 . 2008-07-06 14:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-10-03 20:41 . 2008-10-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-10-03 20:40 . 2008-10-15 18:48 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\Azureus
2008-10-03 19:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-03 19:57 . 2008-10-03 19:59 <DIR> d-------- C:\Program Files\Java
2008-10-03 19:56 . 2008-10-03 19:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-02 20:12 . 2008-10-02 20:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-02 13:35 . 2008-10-02 13:35 <DIR> d-------- C:\Documents and Settings\Radek\.thumbnails
2008-10-02 13:28 . 2008-10-02 13:37 <DIR> d-------- C:\Documents and Settings\Radek\.gimp-2.2
2008-10-02 13:11 . 2008-10-02 13:18 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-10-01 21:22 . 2008-04-14 22:50 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-10-01 21:22 . 2008-04-14 22:50 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-10-01 21:22 . 2008-04-14 22:50 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-10-01 21:22 . 2008-04-14 22:49 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-10-01 21:22 . 2008-04-14 22:47 103,424 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-10-01 21:22 . 2008-04-14 21:52 89,600 --------- C:\WINDOWS\system32\msxml6r.dll
2008-10-01 21:22 . 2008-04-14 21:52 89,600 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-10-01 21:22 . 2008-04-14 22:50 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-10-01 21:14 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-10-01 21:14 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-10-01 21:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002893_.tmp
2008-10-01 20:32 . 2008-10-01 20:33 <DIR> d-------- C:\totalcmd
2008-10-01 20:32 . 2008-10-01 20:35 847 --a------ C:\WINDOWS\wincmd.ini
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-01 20:32 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-10-01 20:14 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-01 20:14 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-01 20:14 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-01 20:14 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-01 20:14 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-01 20:12 . 2008-10-01 20:12 <DIR> d-------- C:\WINDOWS\Logs
2008-10-01 16:56 . 2008-10-01 16:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-01 16:50 . 2008-10-01 16:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-01 16:49 . 2008-10-01 16:49 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\DAEMON Tools
2008-09-30 19:09 . 2008-09-30 19:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-30 08:29 . 2008-09-30 08:29 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-30 08:29 . 2008-09-30 08:29 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-30 08:25 . 2008-09-30 08:25 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-30 08:25 . 2008-10-18 07:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-30 08:25 . 2008-10-18 07:54 3,003,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-30 08:25 . 2008-10-18 07:55 491,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-30 08:25 . 2008-10-18 07:54 25,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-30 08:25 . 2008-10-18 07:55 3,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-30 08:23 . 2008-09-30 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-29 20:39 . 2008-09-29 20:46 <DIR> d-------- C:\Program Files\MagicTune Premium
2008-09-29 20:38 . 2008-09-29 20:38 <DIR> d-------- C:\Documents and Settings\Radek\Dane aplikacji\InstallShield
2008-09-29 20:33 . 2008-09-29 20:33 <DIR> d-------- C:\Program Files\SEC
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 16:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 16:28 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-11 16:28 --------- d-----w C:\Program Files\Ahead
2008-09-29 15:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-29 12:44 --------- d-----w C:\Program Files\Thomson
2008-09-29 12:39 --------- d-----w C:\Program Files\SiS7012
2008-09-29 12:30 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-09-29 12:27 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-29 12:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-09-29 12:26 --------- d-----w C:\Program Files\ffdshow
2008-09-29 12:26 --------- d-----w C:\Program Files\AC3Filter
2008-09-29 12:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-29 12:05 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-09-29 12:05 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-09-29 12:02 --------- d-----w C:\Program Files\Usługi online
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 503808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\
Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-09-29 307712]
Winamp.lnk - C:\Program Files\Winamp\winamp.exe [2008-08-04 1345376]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2008-09-29 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-09-29 49220]
Speedtouch Connection.lnk - C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe [2008-09-29 1671680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Radek^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\WINDOWS\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-03-23 12:06 888832 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-04-23 177280]
S3 jfdcd;jfdcd;C:\DOCUME~1\Radek\USTAWI~1\Temp\jfdcd.sys [ ]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\amfzuy1v.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 07:56:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-18 8:00:37 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-18 06:00:33
Przed: 26 701 459 456 bajtów wolnych
Po: 26,729,500,672 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
300