Wymuszenie ponownego uruchomienia | zamykanie systemu

[tenzin]

witam,
Dzisiaj kiedy uruchomiłem komputer po około minucie pojawił się następujący komunikat:

Później kilka razy pod rząd po ponownym uruchomieniu sytuacja się powtarzała, teraz sytuacja się poprawiła, komputer pracuje już kilka dobrych minut i nic się nie dzieje, Ktoś wie co to może być?
Uruchomiłem wwdc, ale wszystkie pola były na zielono.
Proszę o sprawdzenie logów:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by x at 2010-01-27 08:44:43
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 716 MB (16%) free of 4 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:46, on 2010-01-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programy\Firefox2\firefox.exe
C:\Documents and Settings\x\Pulpit\problem\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
D:\Programs\HijackThis\x.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=C:\Windows\Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programy\nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4041 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2006-07-07 348160]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-09 2223985]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
D:\Program2\Wapster\AQQ\WAPSTE~1\AQQ.exe [2009-11-17 6807552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
D:\Programy\abbyy\AbbyyNewsReader.exe [2003-08-05 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Programy\nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
D:\Programy\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2007-03-14 321088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2005-07-20 7110656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2005-07-20 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Programy\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
d:\Programs\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
D:\Programy\FINEPI~1\QuickDCF.exe [2005-04-05 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^x^Menu Start^Programy^Autostart^ukssys32.exe]
C:\Documents and Settings\x\Menu Start\Programy\Autostart\ukssys32.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program2\Wapster\AQQ\AQQ.exe"="D:\Program2\Wapster\AQQ\AQQ.exe:*:Enabled:P2P AQQ"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup"
"D:\Program2\eMule\EMULE.EXE"="D:\Program2\eMule\EMULE.EXE:*:Disabled:eMule"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe"="D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe:*:Enabled:AQQ"
"D:\Programy\Skype\Phone\Skype.exe"="D:\Programy\Skype\Phone\Skype.exe:*:Disabled:Skype"
"D:\Gry\Quake2\r1q2.exe"="D:\Gry\Quake2\r1q2.exe:*:Disabled:R1Q2 - Enhanced Quake II Client/Server"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Programs\Opera\opera.exe"="D:\Programs\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programs\VideoLAN\VLC\vlc.exe"="D:\Programs\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2010-01-27 08:44:10 ----D---- C:\WINDOWS\Prefetch
2010-01-27 08:44:02 ----D---- C:\WINDOWS\temp
2010-01-27 08:43:16 ----D---- C:\Documents and Settings\x\Dane aplikacji\VSO
2010-01-27 08:35:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 22:31:38 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-26 22:11:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-25 18:40:56 ----D---- C:\x3
2010-01-25 17:03:54 ----D---- C:\WINDOWS\system32
2010-01-25 14:52:48 ----D---- C:\Documents and Settings\x\Dane aplikacji\vlc
2010-01-21 18:45:29 ----D---- C:\Documents and Settings\x\Dane aplikacji\BESTplayer
2010-01-19 19:14:13 ----A---- C:\WINDOWS\win.ini
2010-01-13 10:24:38 ----D---- C:\film
2010-01-10 15:44:56 ----D---- C:\WINDOWS
2010-01-01 21:22:07 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 41472]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 163584]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 30976]
R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R2 pnarp;Network Magic Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2007-03-14 25792]
R2 purendis;Network Magic Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2007-03-14 26944]
R3 ctljystk;Port gier dla karty Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 9728]
R3 el90xbc;Sterownik karty 3Com EtherLink XL 90XB/C; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Sterownik Creative Interface Manager (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sfman;Sterownik Creative SoundFont Manager (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912]
S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter; C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 19034]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 sermouse;Sterownik myszy szeregowej; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-26 17920]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-08-16 38422]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; D:\Programy\nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]
R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-20 127043]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------


Kod: Zaznacz wszystko

OTL logfile created on: 2010-01-27 08:40:42 - Run 2
OTL by OldTimer - Version 3.1.18.0     Folder = C:\Documents and Settings\x\Pulpit\problem
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 238,17 Mb Available Physical Memory | 46,56% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,04% Paging File free
Paging file location(s): D:\pagefile.sys 766 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,31 Gb Total Space | 0,69 Gb Free Space | 16,09% Space Free | Partition Type: NTFS
Drive D: | 14,36 Gb Total Space | 0,21 Gb Free Space | 1,44% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: x
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-01-06 14:59:46 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox2\firefox.exe
PRC - [2009-12-18 16:34:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-03-14 15:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006-07-07 16:15:12 | 00,348,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
PRC - [2005-08-07 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005-07-20 20:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-12-13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001-10-26 17:29:52 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-12-18 16:34:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
MOD - [2004-08-03 23:44:16 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2004-08-03 23:42:34 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 21:31:44 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-03-14 15:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007-03-14 15:42:22 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006-12-23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) [Auto | Running] -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-08-07 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005-07-20 20:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004-12-13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004-08-03 23:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-15 10:50:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009-01-16 18:42:27 | 00,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008-05-16 11:33:12 | 00,089,256 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007-03-14 22:55:18 | 00,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007-03-14 22:55:02 | 00,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-11-10 15:17:50 | 00,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006-11-10 15:16:34 | 00,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006-11-10 15:15:44 | 00,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-10-09 04:26:40 | 00,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005-08-16 11:23:10 | 00,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005-07-20 20:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-06-28 08:24:00 | 00,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2005-06-28 08:22:00 | 00,030,976 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE)
DRV - [2005-06-28 08:21:00 | 00,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR)
DRV - [2005-01-06 15:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2004-08-03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 22:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004-08-03 22:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-03 21:59:44 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004-04-30 08:37:02 | 00,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004-04-30 08:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004-03-08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001-08-17 22:54:18 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 22:54:18 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 20:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (el90xbc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\S-1-5-21-842925246-436374069-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3502a070-ea2f-11dd-ba2f-0800200c9a66}:1.5
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programy\Firefox2\components [2007-05-07 20:29:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programy\Firefox2\plugins [2007-05-07 20:29:22 | 00,000,000 | ---D | M]

[2008-12-05 15:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Extensions
[2010-01-25 09:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions
[2010-01-12 16:19:31 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009-11-20 10:32:31 | 00,000,000 | ---D | M] (MinimizeToTray) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2007-07-31 20:31:45 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010-01-08 14:33:36 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-12 16:19:33 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.7.228 217.172.224.160
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (C:\Windows\Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-04 21:42:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-01-28 16:08:50 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-28 16:08:52 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-18 14:51:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\x\Recent
[2008-05-03 16:30:28 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008-05-03 16:30:28 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2007-05-04 22:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2007-05-04 21:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2007-05-04 21:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2007-05-04 21:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-27 08:37:04 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-01-27 08:36:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-27 08:36:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-27 08:36:43 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-27 08:35:41 | 07,184,384 | ---- | M] () -- C:\Documents and Settings\x\ntuser.dat
[2010-01-27 08:35:41 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\x\ntuser.ini
[2010-01-27 08:31:31 | 04,984,194 | -H-- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-27 08:31:24 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\Nowy Obraz - mapa bitowa.bmp
[2010-01-26 22:31:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-26 09:24:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-23 13:03:12 | 00,048,070 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\język polski.pdf
[2010-01-19 19:14:13 | 00,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-01-15 18:39:01 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\spider.sav
[2010-01-12 10:53:38 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-28 19:04:27 | 00,000,061 | ---- | M] () -- C:\WINDOWS\popcinfo.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-27 08:31:24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\Nowy Obraz - mapa bitowa.bmp
[2010-01-23 13:03:12 | 00,048,070 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\język polski.pdf
[2010-01-15 18:39:01 | 00,000,372 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\spider.sav
[2009-02-06 17:52:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
[2009-02-05 20:35:02 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\spv1_WCssg.ini
[2009-01-05 10:32:07 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-07 12:54:36 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini
[2007-09-06 18:43:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-16 14:52:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007-07-10 12:50:04 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-06-26 18:51:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2007-05-31 18:27:36 | 00,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-05-19 19:57:44 | 00,172,032 | R--- | C] () -- C:\WINDOWS\ESUSDX.DLL
[2007-05-19 19:57:44 | 00,077,824 | R--- | C] () -- C:\WINDOWS\ESUSD.DLL
[2007-05-16 19:31:28 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007-05-10 21:29:48 | 00,115,200 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-07 20:39:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-05-07 18:29:01 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-05-04 21:59:11 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005-10-14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-10-14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-07-20 20:07:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2002-08-29 00:27:50 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2001-07-31 08:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999-01-22 17:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-01-16 19:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Acronis
[2009-05-07 19:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2009-06-11 16:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro
[2009-02-05 19:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA
[2008-05-28 07:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
[2009-02-05 20:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2007-12-06 09:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT
[2008-05-19 13:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2007-09-10 17:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2008-05-05 10:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Alawar
[2009-06-10 17:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\avidemux
[2010-01-21 18:45:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\BESTplayer
[2008-05-07 17:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Big Fish Games
[2007-05-10 21:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\FUJIFILM
[2007-05-08 07:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
[2008-06-13 12:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\GameHouse
[2009-02-05 20:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Incredible Ink
[2009-05-07 15:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\MobileAction
[2009-06-19 08:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Opera
[2008-01-04 10:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TC PowerPack
[2009-10-20 18:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thinstall
[2007-06-22 08:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thunderbird
[2010-01-27 08:43:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\VSO

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Pozdrawiam,

[NieWiem]

Siedzi (a raczej siedział) podpięty trojan pod userinita, do tego jakieś dziadostwo w autostarcie. Trojan ten ma właściwości dociągające, więc zastosujemy ComboFixa.

• Przeczytaj uważnie instrukcję programu ComboFix, po czym wyłącz swój program antywirusowy, firewall i inne programy, które mogą zakłócać nawet pobieranie ComboFixa twierdząc, że jest wirusem. Nie jest! Spokojnie go ściągnij i zapisz na pulpicie.
• Pobierz:
  • LINK #1
  • LINK #2
• Pozamykaj wszystkie otwarte okna, komunikatory, programy. ComboFixowi nie powinno sie przeszkadzać.
• Uruchom program z dwukliku (VISTA: prawoklik i 'uruchom jako administrator').
• Pozwól mu spokojnie działać, nie klikaj ani nie stukaj w klawiaturę - to może spwodować zawieszenie się komputera.
• Zalecane jest też instalowanie konsoli odzyskiwania, jeśli ComboFix o nią poprosi. Dzięki niej można odrolować zmiany w przypadku pomyłki narzędzia.
• Jeśli będzie potrzeba - zgódź się na restart.
• Kiedy program skończy, wytworzy loga (będzie on także w pliku C:\ComboFix.txt), którego wklej w odpowiedzi, pamiętając o tagach [code] lub na http://www.wklej.org.

A na przyszłość, jeśli wystąpi Ci taki problem że komp się będzie chciał wyłączyć, dajesz start => uruchom i tam wpisujesz komendę

shutdown -a

i enter, tylko pamiętaj o spacji.

[tenzin]

Dzięki za szybką odpowiedź!! i udzielone rady!

Uruchomiłem Combofixa, i w trakcie sprawdzania pojawił się komunikat, że komputer został zainfekowany przez rootkit i żeby zapisać na kartce nazwę pliku: c:\windows\system32\sdra64.exe ponieważ ta informacja może być później potrzebna.\

Log:

Kod: Zaznacz wszystko

ComboFix 10-01-26.02 - x 2010-01-27   9:08.16.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.342 [GMT 1:00]
Uruchomiony z: c:\documents and settings\x\Pulpit\problem\najnowsze_27\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\x\Moje dokumenty\kopia zapasowa rejestru cc_20090917_093410.reg
c:\windows\system32\ieuinit.inf
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\twain_32.dll

Zainfekowana kopia c:\windows\system32\DRIVERS\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\ServicePackFiles\i386\atapi.sys

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-27 do 2010-01-27  )))))))))))))))))))))))))))))))
.

Nie utworzono żadnych nowych plików w tym okresie

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 07:44 . 2009-09-09 07:45   --------   d-----w-   c:\documents and settings\x\Dane aplikacji\VSO
2010-01-25 13:52 . 2009-12-10 15:47   --------   d-----w-   c:\documents and settings\x\Dane aplikacji\vlc
2010-01-21 17:45 . 2008-12-27 20:12   --------   d-----w-   c:\documents and settings\x\Dane aplikacji\BESTplayer
2010-01-01 20:17 . 2009-12-18 14:01   5061520   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 13:55 . 2009-07-11 11:17   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-07-11 11:17   19160   -c--a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-28 18:04 . 2007-06-22 18:51   61   -c--a-w-   c:\windows\popcinfo.dat
2009-12-24 18:21 . 2009-02-05 19:19   40   -c--a-w-   c:\windows\RSoftInfo.dat
2009-12-21 18:42 . 2009-09-15 14:52   --------   d-----w-   c:\documents and settings\x\Dane aplikacji\dvdcss
2009-12-18 10:56 . 2007-06-13 16:45   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-11-25 10:36 . 2009-11-25 10:36   152576   ----a-w-   c:\documents and settings\x\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-25 10:36 . 2009-11-25 10:36   79488   ----a-w-   c:\documents and settings\x\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 10:33 . 2007-05-04 21:46   60064   -c--a-w-   c:\documents and settings\x\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 348160]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-03-09 2223985]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Start^Programy^Autostart^ukssys32.exe]
path=c:\documents and settings\x\Menu Start\Programy\Autostart\ukssys32.exe
backup=c:\windows\pss\ukssys32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18   6807552   ----a-w-   d:\program2\Wapster\AQQ\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-08-05 15:16   278528   ----a-w-   d:\programy\abbyy\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-11-10 15:19   1051648   ----a-w-   d:\programy\nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55   54832   ----a-w-   d:\programy\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40   155648   -c--a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2007-03-14 14:42   321088   -c--a-w-   c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-07-20 19:07   7110656   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-07-20 19:07   86016   ----a-w-   c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-20 19:07   1519616   ----a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 20:32   53248   -c----w-   c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10   56928   ------w-   d:\programy\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program2\\Wapster\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program2\\Wapster\\AQQ\\WapSter AQQ\\AQQ.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Programs\\Opera\\opera.exe"=
"d:\\Programs\\VideoLAN\\VLC\\vlc.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-05-03 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-05-03 5248]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2007-09-10 9446]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2009-05-07 19034]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-05-20 89256]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\
FF - component: c:\documents and settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - plugin: d:\programs\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programs\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programs\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\adobe\Acrobat 7\Reader\browser\nppdf32.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Google Update - c:\documents and settings\x\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
MSConfigStartUp-UnlockerAssistant - d:\programs\Unlocker\UnlockerAssistant.exe
AddRemove-Odkurzacz 12.2_is1 - d:\programs\Odkurzacz 12\Odkurzacz\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 09:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8209DAF0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857afc3
\Driver\ACPI -> ACPI.sys @ 0xf84c4cb8
\Driver\atapi -> 0x8209daf0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) -> SendCompleteHandler -> NDIS.sys @ 0xf834daf9
PacketIndicateHandler -> NDIS.sys @ 0xf8358b21
SendHandler -> NDIS.sys @ 0xf834d938
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-842925246-436374069-1957994488-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\browselc.dll
d:\programy\adobe\Acrobat 7\ActiveX\AcroIEHelper.dll
d:\programy\adobe\Acrobat 7\ActiveX\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\programy\nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-27  09:19:51 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-01-27 08:19

Przed: 699 027 456 bajtów wolnych
Po: 736 636 928 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - B714F20AAA504F83CAC01A531152578A


Czy powinienem jeszcze coś zrobić?
Pozdrawiam,

[NieWiem]

Wydaje mi się, że mamy tutaj do czynienia z dość popularną ostatnio infekcją i chwilę cierpliwości będzie wymagało jej wyleczenie.

• Pobierz Gmer na pulpit. Będzie nazwany jako losowa kombinacja cyfr i liter.
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Upewnij się, że wszystkie pozostałe okna są zamknięte i pozwól mu pracować bez zakłóceń - ten typ skanów może dawać wiele fałszywych odczytów, dlatego tak ważne jest, aby system pracował bez żadnych ingerencji.
• Uwaga dla użytkowników systemów Vista oraz Se7en - podczas skanowania może wystąpić bluescreen. Nie należy się tym przejmować, po prostu Gmer na tych systemach nie czuje się dobrze. W takim przypadku proszę o tym napisać w poście na forum.
• Gdy pojawi się okno, poczekaj chwile, aż zakończy się wstępne skanowanie.
• Jeśli pojawi się komunikat, że znaleziono działalność rootkitów, proszę nie podejmować samemu żadnych działań, tylko wytworzyć loga i pokazać go do analizy!
• Kliknij Szukaj. Nie zmieniaj żadnych ustawień. Skanowanie może trwać długo.
• Kiedy skanowanie się skończy, kliknij Kopiuj.
• Udaj się na stronę http://wklej.org/ i wklej zawartość schowka (PPM -> Wklej), a na forum wklej tylko link do loga.

Oprócz tego pliki

c:\windows\system32\DRIVERS\atapi.sys
c:\windows\system32\drivers\a347bus.sys
c:\windows\system32\drivers\a347scsi.sys

sprawdź na www.virscan.org i pokaż mi wyniki.

[tenzin]

Dzięki za pomoc, ale mam problem z uruchomieniem gmera.
Ściągam go na pulpit, wyłączam wszystkie pozostałe programy, po czym uruchamiam.
Chwile coś sprawdza i za każdym razem wypada jakiś windowsowy błąd, np.:

Szczegóły:





Skanowanie wskazanych plików przez VirSCAN.org:
1.
C:\windows\system32\DRIVERS\atapi.sys
Tylko, że w moim przypadku katalog drivers był z małych liter.
Wynik: ERROR: Nie można odnaleźć wysłanego pliku!

2.
c:\windows\system32\drivers\a347bus.sys
Wyniki skanera : Wszystkie skanery zgłosiły brak szkodliwego oprogramowania!

3.
c:\windows\system32\drivers\a347scsi.sys
Wyniki skanera : Wszystkie skanery zgłosiły brak szkodliwego oprogramowania!
Pozdrawiam,

[NieWiem]

• Pobierz RootRepeal.
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Na dole okna wybierz zakładkę Report
• Wciśnij przycisk Scan. W wyskakującym oknie zaznacz następujące opcje:
  • Drivers
  • Processes
  • SSDT
  • Hidden Services
• Wciskamy OK i w następnym oknie zaznaczamy all drives.
• Upewniamy się, żę wszystkie inne okna czy komunikatory są wyłączone - ten skan może dawać wiele fałszywych odczytów, więc nie powinno się mu przeszkadzać.
• Ponowne wciśnięcie OK uruchomi program.
• Po zakończonym skanowaniu dostępny stanie się przycisk Save Report. Wciskamy i zapisujemy wyniki skanowania.
• Ten raport może być dość długi, dlatego zalecam, aby wkleić go na stronie http://www.wklej.org, a w swoim poście podać tylko link do strony z wynikami.

[tenzin]

Pobrałem, uruchomiłem. Na wstępie wyskoczyło coś takiego:

Później doszedłem do:

Na dole okna wybierz zakładkę Report Wciśnij przycisk Scan. W wyskakującym oknie zaznacz następujące opcje:
o Drivers
o Processes
o SSDT
o Hidden Services

Po czym wyrzucił mi raport:

Kod: Zaznacz wszystko

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/01/27 12:25
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP2
==================================================

Drivers
-------------------
Name:         
Image Path:         
Address: 0xF8450000   Size: 98304   File Visible: No   Signed: -
Status: -

Name:         
Image Path:         
Address: 0x00000000   Size: 0   File Visible: No   Signed: -
Status: -

Name: pxtdipow.sys
Image Path: C:\DOCUME~1\x\USTAWI~1\Temp\pxtdipow.sys
Address: 0xB8A3B000   Size: 93056   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB95BA000   Size: 49152   File Visible: No   Signed: -
Status: -

SSDT
-------------------
#: 025   Function Name: NtClose
Status: Hooked by "a347bus.sys" at address 0xf84fb028

#: 041   Function Name: NtCreateKey
Status: Hooked by "a347bus.sys" at address 0xf84fafe0

#: 045   Function Name: NtCreatePagingFile
Status: Hooked by "a347bus.sys" at address 0xf84eeb00

#: 071   Function Name: NtEnumerateKey
Status: Hooked by "a347bus.sys" at address 0xf84ef5dc

#: 073   Function Name: NtEnumerateValueKey
Status: Hooked by "a347bus.sys" at address 0xf84fb120

#: 116   Function Name: NtOpenFile
Status: Hooked by "a347bus.sys" at address 0xf84eeb40

#: 119   Function Name: NtOpenKey
Status: Hooked by "a347bus.sys" at address 0xf84fafa4

#: 160   Function Name: NtQueryKey
Status: Hooked by "a347bus.sys" at address 0xf84ef5fc

#: 177   Function Name: NtQueryValueKey
Status: Hooked by "a347bus.sys" at address 0xf84fb076

#: 241   Function Name: NtSetSystemPowerState
Status: Hooked by "a347bus.sys" at address 0xf84fa550

==EOF==

Co do dalszej części Twojej instrukcji:

* Wciskamy OK i w następnym oknie zaznaczamy all drives.

Chyba coś poszło nie tak bo po wyrzuceniu w.w. loga nie było takiej opcji.
Zatem, nie wiem jak, to zaznaczyć.
Pozdrawiam,

[NieWiem]

I tak jestem już sporo mądrzejszy. Prawdopodobnie jest tu ta jakaś dziwna mutacja TDSS + TDL3.

• Pobierz TDSSKiller i zapisz go na pulpicie.
• Wypakuj zawartośc na pulpit.
  Ważne: TDSSKiller.exe musi być zapisany bezpośrednio na pulpicie!
• Wciśnij naraz klawisz z symbolem Windowsa oraz R - pokaże się okienko, do którego wkleisz następującą komendę:
  

  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

• jeśli narzędzie zwróci komunikat "Hidden Service detected" wciśnij ENTER, nic innego!
• Po zakończeniu działania na dysku C:\ będzie będzie plik TDSSKiller.txt - pokaż tego loga w swojej odpowiedzi.

[tenzin]

Miałem problem z uruchomieniem, ale w końcu zmieniłem w podanej przez Ciebie komendzie słowo "Desktop" na słowo "Pulpit" i zadziałało. Program wyrzucił taki screen:



Pozdrawiam,

[NieWiem]

Naciśnij enter i pokaż mi wynikowego loga. Jak w opisie.

[tenzin]

Wybacz, już wrzucam:

Kod: Zaznacz wszystko

14:19:58:267 1964   TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
14:19:58:267 1964   ================================================================================
14:19:58:267 1964   SystemInfo:

14:19:58:267 1964   OS Version: 5.1.2600 ServicePack: 2.0
14:19:58:267 1964   Product type: Workstation
14:19:58:267 1964   ComputerName: XXX
14:19:58:267 1964   UserName: x
14:19:58:267 1964   Windows directory: C:\WINDOWS
14:19:58:267 1964   Processor architecture: Intel x86
14:19:58:267 1964   Number of processors: 1
14:19:58:267 1964   Page size: 0x1000
14:19:58:267 1964   Boot type: Normal boot
14:19:58:267 1964   ================================================================================
14:19:58:277 1964   UnloadDriverW: NtUnloadDriver error 2
14:19:58:277 1964   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:19:58:277 1964   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:19:58:277 1964   UtilityInit: KLMD drop and load success
14:19:58:277 1964   KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
14:19:58:277 1964   UtilityInit: KLMD open success
14:19:58:277 1964   UtilityInit: Initialize success
14:19:58:277 1964   
14:19:58:277 1964   Scanning   Services ...
14:19:58:277 1964   CreateRegParser: Registry parser init started
14:19:58:277 1964   DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
14:19:58:277 1964   CreateRegParser: DisableWow64Redirection error
14:19:58:277 1964   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:19:58:277 1964   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
14:19:58:277 1964   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:19:58:277 1964   wfopen_ex: Trying to KLMD file open
14:19:58:277 1964   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
14:19:58:277 1964   wfopen_ex: File opened ok (Flags 2)
14:19:58:277 1964   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 3C4B30
14:19:58:277 1964   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:19:58:277 1964   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
14:19:58:277 1964   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:19:58:277 1964   wfopen_ex: Trying to KLMD file open
14:19:58:277 1964   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
14:19:58:277 1964   wfopen_ex: File opened ok (Flags 2)
14:19:58:277 1964   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3C4BD8
14:19:58:277 1964   EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
14:19:58:277 1964   CreateRegParser: EnableWow64Redirection error
14:19:58:277 1964   CreateRegParser: RegParser init completed
14:19:58:587 1964   GetAdvancedServicesInfo: Raw services enum returned 322 services
14:19:58:597 1964   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:19:58:597 1964   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:19:58:597 1964   
14:19:58:597 1964   Scanning   Kernel memory ...
14:19:58:597 1964   KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:19:58:597 1964   DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 823AFB30
14:19:58:597 1964   DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
14:19:58:597 1964   
14:19:58:597 1964   DetectCureTDL3: DEVICE_OBJECT: 82378C68
14:19:58:597 1964   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82378C68
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0x82378C68[0x38]
14:19:58:597 1964   DetectCureTDL3: DRIVER_OBJECT: 823AFB30
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0x823AFB30[0xA8]
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0xE101CE30[0x18]
14:19:58:597 1964   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:19:58:597 1964   DetectCureTDL3: IrpHandler (0) addr: F857CC30
14:19:58:597 1964   DetectCureTDL3: IrpHandler (1) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (2) addr: F857CC30
14:19:58:597 1964   DetectCureTDL3: IrpHandler (3) addr: F8576D9B
14:19:58:597 1964   DetectCureTDL3: IrpHandler (4) addr: F8576D9B
14:19:58:597 1964   DetectCureTDL3: IrpHandler (5) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (6) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (7) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (8) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (9) addr: F8577366
14:19:58:597 1964   DetectCureTDL3: IrpHandler (10) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (11) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (12) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (13) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (14) addr: F857744D
14:19:58:597 1964   DetectCureTDL3: IrpHandler (15) addr: F857AFC3
14:19:58:597 1964   DetectCureTDL3: IrpHandler (16) addr: F8577366
14:19:58:597 1964   DetectCureTDL3: IrpHandler (17) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (18) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (19) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (20) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (21) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (22) addr: F8578EF3
14:19:58:597 1964   DetectCureTDL3: IrpHandler (23) addr: F857DA24
14:19:58:597 1964   DetectCureTDL3: IrpHandler (24) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (25) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (26) addr: 805025E4
14:19:58:597 1964   TDL3_FileDetect: Processing driver: Disk
14:19:58:597 1964   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:58:597 1964   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:58:597 1964   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:19:58:597 1964   
14:19:58:597 1964   DetectCureTDL3: DEVICE_OBJECT: 82390C68
14:19:58:597 1964   KLMD_GetLowerDeviceObject: Trying to get lower device object for 82390C68
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0x82390C68[0x38]
14:19:58:597 1964   DetectCureTDL3: DRIVER_OBJECT: 823AFB30
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0x823AFB30[0xA8]
14:19:58:597 1964   KLMD_ReadMem: Trying to ReadMemory 0xE101CE30[0x18]
14:19:58:597 1964   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:19:58:597 1964   DetectCureTDL3: IrpHandler (0) addr: F857CC30
14:19:58:597 1964   DetectCureTDL3: IrpHandler (1) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (2) addr: F857CC30
14:19:58:597 1964   DetectCureTDL3: IrpHandler (3) addr: F8576D9B
14:19:58:597 1964   DetectCureTDL3: IrpHandler (4) addr: F8576D9B
14:19:58:597 1964   DetectCureTDL3: IrpHandler (5) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (6) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (7) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (8) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (9) addr: F8577366
14:19:58:597 1964   DetectCureTDL3: IrpHandler (10) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (11) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (12) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (13) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (14) addr: F857744D
14:19:58:597 1964   DetectCureTDL3: IrpHandler (15) addr: F857AFC3
14:19:58:597 1964   DetectCureTDL3: IrpHandler (16) addr: F8577366
14:19:58:597 1964   DetectCureTDL3: IrpHandler (17) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (18) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (19) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (20) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (21) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (22) addr: F8578EF3
14:19:58:597 1964   DetectCureTDL3: IrpHandler (23) addr: F857DA24
14:19:58:597 1964   DetectCureTDL3: IrpHandler (24) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (25) addr: 805025E4
14:19:58:597 1964   DetectCureTDL3: IrpHandler (26) addr: 805025E4
14:19:58:597 1964   TDL3_FileDetect: Processing driver: Disk
14:19:58:597 1964   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:58:597 1964   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:58:608 1964   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:19:58:608 1964   
14:19:58:608 1964   DetectCureTDL3: DEVICE_OBJECT: 823D2030
14:19:58:608 1964   KLMD_GetLowerDeviceObject: Trying to get lower device object for 823D2030
14:19:58:608 1964   DetectCureTDL3: DEVICE_OBJECT: 823B07F0
14:19:58:608 1964   KLMD_GetLowerDeviceObject: Trying to get lower device object for 823B07F0
14:19:58:608 1964   DetectCureTDL3: DEVICE_OBJECT: 8235F940
14:19:58:608 1964   KLMD_GetLowerDeviceObject: Trying to get lower device object for 8235F940
14:19:58:608 1964   KLMD_ReadMem: Trying to ReadMemory 0x8235F940[0x38]
14:19:58:608 1964   DetectCureTDL3: DRIVER_OBJECT: 8237C9C0
14:19:58:608 1964   KLMD_ReadMem: Trying to ReadMemory 0x8237C9C0[0xA8]
14:19:58:608 1964   KLMD_ReadMem: Trying to ReadMemory 0xE1020D90[0x1A]
14:19:58:608 1964   DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:19:58:608 1964   DetectCureTDL3: IrpHandler (0) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (1) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (2) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (3) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (4) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (5) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (6) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (7) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (8) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (9) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (10) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (11) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (12) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (13) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (14) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (15) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (16) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (17) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (18) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (19) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (20) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (21) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (22) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (23) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (24) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (25) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: IrpHandler (26) addr: 8222ADE0
14:19:58:608 1964   DetectCureTDL3: All IRP handlers pointed to one addr: 8222ADE0
14:19:58:608 1964   KLMD_ReadMem: Trying to ReadMemory 0x8222ADE0[0x400]
14:19:58:608 1964   TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
14:19:58:608 1964   KLMD_ReadMem: Trying to ReadMemory 0xF84577C6[0x400]
14:19:58:608 1964   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
14:19:58:608 1964   TDL3_FileDetect: Processing driver: atapi
14:19:58:608 1964   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:58:608 1964   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:58:618 1964   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
14:19:58:618 1964   
14:19:58:628 1964   Completed
14:19:58:628 1964   
14:19:58:628 1964   Results:
14:19:58:628 1964   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
14:19:58:628 1964   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
14:19:58:628 1964   File objects infected / cured / cured on reboot:   0 / 0 / 0
14:19:58:628 1964   
14:19:58:628 1964   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:19:58:628 1964   UtilityDeinit: KLMD(ARK) unloaded successfully


Pozdrawiam,

[NieWiem]

1. Usuń z dysku katalog C:\Qoobox


2. przeleć komputer Malwarebytes' Anti Malware i wklej raport.


3. Tutaj podaję Ci linka do pliku atapi, którego będziemy potrzebować później. Nie pobieraj go na razie, po prostu później nie będę miał dostępu do tego komputera, z którego Ci go daję.
http://www.speedyshare.com/files/20589940/atapi.zip


4. Przeczytaj i zastosuj ten linkowany temat, metodę pierwszą:
http://www.searchengines.pl/index.php?act=announce&f=99&id=20
Chciałbym, żeby jak najmniej rzeczy utrudniało pracę

[tenzin]

Ad.1. katalog C:\Qoobox - usunięty

Ad.2. Malwarebytes' Anti-Malware wykrył infekcje...

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3645
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-01-27 17:00:33
mbam-log-2010-01-27 (17-00-07).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 112123
Upłynęło: 7 minute(s), 36 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 4
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\RECYCLER\S-1-5-21-842925246-436374069-1957994488-1003\Dc8.vir (Trojan.PWS) -> No action taken.


Ad.4. Wykonano, metodą pierwszą

Pozdrawiam,

[NieWiem]

PRzepraszam, ale nie dałem rady już wczoraj odpisać.

Znaleziska pochodzące z Malwarebytes' oczywiscie usuwamy. Potem pobierz linkowany wyżej plik i zapisz go bezpośrednio na dysku C:\ (ścieżka dostępu ma być C:\atapi.sys)

Zaczniemy metodą "softową" i zobaczymy czy da radę

Otwórz OTL i montuj w nim następujący skrypt:

:OTL
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
:Files
C:\WINDOWS\System32\DRIVERS\atapi.sys|C:\atapi.sys /replace
:Commands
[reboot]

Klikasz Run Fix i wracasz z raportem z Fixa i nowym logiem z OTL

[tenzin]

Dzięki za odpowiedź!

Log z AntiMalware

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3645
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-01-28 08:44:27
mbam-log-2010-01-28 (08-44-27).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 111993
Upłynęło: 4 minute(s), 30 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 4
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)


Pierwszy log z OTL:

Kod: Zaznacz wszystko

========== OTL ==========
Process explorer.exe killed successfully!
========== FILES ==========
File C:\WINDOWS\System32\DRIVERS\atapi.sys successfully replaced with C:\atapi.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.18.0 log created on 01282010_085131


Świeży log z OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2010-01-28 08:57:23 - Run 3
OTL by OldTimer - Version 3.1.18.0     Folder = C:\Documents and Settings\x\Pulpit\problem
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 312,12 Mb Available Physical Memory | 61,02% Memory free
1,22 Gb Paging File | 1,05 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): D:\pagefile.sys 766 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,31 Gb Total Space | 0,60 Gb Free Space | 13,94% Space Free | Partition Type: NTFS
Drive D: | 14,36 Gb Total Space | 0,71 Gb Free Space | 4,95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: x
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-01-06 14:59:46 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox2\firefox.exe
PRC - [2009-12-18 16:34:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-03-14 15:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006-07-07 16:15:12 | 00,348,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
PRC - [2005-08-07 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005-07-20 20:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-12-13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004-08-03 23:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001-10-26 17:29:52 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-12-18 16:34:07 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
MOD - [2004-08-03 23:42:34 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-03-14 15:42:48 | 00,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007-03-14 15:42:22 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006-12-23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006-11-10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) [Auto | Running] -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-08-07 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005-07-20 20:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004-12-13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004-08-03 23:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-15 10:50:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2009-01-16 18:42:27 | 00,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008-05-16 11:33:12 | 00,089,256 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007-03-14 22:55:18 | 00,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007-03-14 22:55:02 | 00,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-11-10 15:17:50 | 00,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006-11-10 15:16:34 | 00,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006-11-10 15:15:44 | 00,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-10-09 04:26:40 | 00,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005-08-16 11:23:10 | 00,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005-07-20 20:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-06-28 08:24:00 | 00,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2005-06-28 08:22:00 | 00,030,976 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE)
DRV - [2005-06-28 08:21:00 | 00,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR)
DRV - [2005-01-06 15:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2004-08-03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 22:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004-08-03 22:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-03-08 11:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001-08-17 22:54:18 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 22:54:18 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 20:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (el90xbc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\S-1-5-21-842925246-436374069-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3502a070-ea2f-11dd-ba2f-0800200c9a66}:1.5
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programy\Firefox2\components [2007-05-07 20:29:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programy\Firefox2\plugins [2007-05-07 20:29:22 | 00,000,000 | ---D | M]

[2008-12-05 15:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Extensions
[2010-01-27 09:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions
[2010-01-12 16:19:31 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009-11-20 10:32:31 | 00,000,000 | ---D | M] (MinimizeToTray) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2007-07-31 20:31:45 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010-01-08 14:33:36 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-12 16:19:33 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.7.228 217.172.224.160
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-04 21:42:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-01-28 16:08:50 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-28 16:08:52 | 00,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-28 08:50:30 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010-01-27 11:29:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010-01-27 09:01:07 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010-01-27 08:59:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-01-27 08:59:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-01-27 08:59:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-01-27 08:59:34 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-01-18 14:51:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\x\Recent
[2007-05-04 22:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2007-05-04 21:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2007-05-04 21:44:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2007-05-04 21:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-28 08:52:53 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-01-28 08:52:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-28 08:52:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-28 08:52:34 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-28 08:51:43 | 07,184,384 | ---- | M] () -- C:\Documents and Settings\x\ntuser.dat
[2010-01-28 08:51:43 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\x\ntuser.ini
[2010-01-27 12:41:47 | 04,986,064 | -H-- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-27 09:14:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-01-27 09:14:20 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-27 09:01:13 | 00,000,264 | RHS- | M] () -- C:\boot.ini
[2010-01-26 22:31:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-26 09:24:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-23 13:03:12 | 00,048,070 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\język polski.pdf
[2010-01-19 19:14:13 | 00,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-01-15 18:39:01 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\spider.sav
[2010-01-12 10:53:38 | 00,115,200 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-27 09:01:12 | 00,000,194 | ---- | C] () -- C:\Boot.bak
[2010-01-27 09:01:08 | 00,262,400 | ---- | C] () -- C:\cmldr
[2010-01-27 08:59:34 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-01-27 08:59:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-01-27 08:59:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-01-27 08:59:34 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-01-27 08:59:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-01-23 13:03:12 | 00,048,070 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\język polski.pdf
[2010-01-15 18:39:01 | 00,000,372 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\spider.sav
[2009-02-06 17:52:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
[2009-02-05 20:35:02 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\spv1_WCssg.ini
[2009-01-05 10:32:07 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-07 12:54:36 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini
[2007-09-06 18:43:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-16 14:52:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007-07-10 12:50:04 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-06-26 18:51:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2007-05-31 18:27:36 | 00,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-05-19 19:57:44 | 00,172,032 | R--- | C] () -- C:\WINDOWS\ESUSDX.DLL
[2007-05-19 19:57:44 | 00,077,824 | R--- | C] () -- C:\WINDOWS\ESUSD.DLL
[2007-05-16 19:31:28 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007-05-10 21:29:48 | 00,115,200 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-07 20:39:19 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-05-07 18:29:01 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-05-04 21:59:11 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005-10-14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-10-14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-07-20 20:07:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2001-07-31 08:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999-01-22 17:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-01-16 19:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Acronis
[2009-05-07 19:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2009-06-11 16:50:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro
[2009-02-05 19:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA
[2008-05-28 07:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
[2009-02-05 20:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2007-12-06 09:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT
[2008-05-19 13:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2007-09-10 17:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2008-05-05 10:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Alawar
[2009-06-10 17:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\avidemux
[2010-01-21 18:45:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\BESTplayer
[2008-05-07 17:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Big Fish Games
[2007-05-10 21:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\FUJIFILM
[2007-05-08 07:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
[2008-06-13 12:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\GameHouse
[2009-02-05 20:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Incredible Ink
[2009-05-07 15:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\MobileAction
[2009-06-19 08:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Opera
[2008-01-04 10:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TC PowerPack
[2009-10-20 18:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thinstall
[2007-06-22 08:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thunderbird
[2010-01-27 08:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\VSO

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Pozdrawiam ,

[NieWiem]

OTL dał radę

Czyli wszelkie znaki na niebie i na ziemi wskazują, że sprawa załatwiona.


1. Usuń z dysku plik C:\atapi.sys


2. Start ++> uruchom ++> wpisujesz ComboFix /uninstall i enter


3.

• Pobierz program OTC
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Wciśnij przycisk Clean Up!
• Na pytanie "Begin cleanup Process?" wciśnij Yes.
• Jeśli padnie prośba o restart - zgódź się.

4.

• Pobierz program TFC
• Zamknij wszystkie otwarte programy - inaczej TFC zrobi to za Ciebie
• Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
• Kliknij przycisk Start
• Czyszczenie lokalizacji tymczasowych może chwilę potrwać (ale znowu bez przesady), uzbrój się w cierpliwość.
• Jeśli padnie prośba o restart - zgódź się.

5. Czyszczenie punktów przywracania systemu jest konieczne, ponieważ w backupach Windowsa znajdują się także kopie szkodników.

• Wyłączenie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Zaznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.
• Zrestartować komputer!
• Włączanie przywracania systemu
  • Na pulpicie => prawoklik na Mój Komputer
  • opcja Właściwości
  • zakładka Przywracanie systemu
  • Odznaczyć opcję Wyłącz przywracanie systemu
  • Kliknąć Zastosuj, a potem OK.

I ze dwa słowa napisz, czy coś jeszcze Cię niepokoi

Autor postu otrzymał pochwałę

[tenzin]

Bardzo dziękuję za pomoc! . Gdybym mógł wystawiłbym dwie pochwały!
Pozdrawiam,