Everything is falling apart (including the browser, the messenger...)

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Mojwa92, 11 May 2010, 22:49

Hello!
I have a problem.
Since yesterday Google Chrome has not been working for me. Never mind that for a few days I already couldn't open, for example, my mail in it - but I thought that was caused by something with Chrome.
But today Photoshop crashed on me (an error occurred with the application and it will be closed), xFire... And that is probably not caused by a common failure of these programs after all.
So it's probably something with the computer.

Never mind that it was acting up and wouldn't turn on, so I had to restore the factory settings in DOS [and then disable the floppy drive again] for the computer to work at all. Or rather - to start up.
That it sometimes acts up and doesn't see the mouse/keyboard at startup and I have to reset it, I'll skip, because that can be worked around with a restart.
Eh, I need Photoshop! :D
But seriously - help. I don't like Firefox.

Here are the logs:
otl: http://www.wklej.org/id/332331/
Code:
OTL Extras logfile created on: 2010-05-11 20:04:58 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Mojwuś\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 327,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 5,55 Gb Free Space | 22,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 124,04 Gb Total Space | 9,56 Gb Free Space | 7,71% Space Free | Partition Type: NTFS

Computer Name: MOJWA
Current User Name: Mojwuś
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- M:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-823518204-1004336348-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "M:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "M:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "M:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "M:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "M:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"22328:TCP" = 22328:TCP:*:Enabled:BitComet 22328 TCP
"22328:UDP" = 22328:UDP:*:Enabled:BitComet 22328 UDP
"11192:TCP" = 11192:TCP:*:Enabled:BitComet 11192 TCP
"11192:UDP" = 11192:UDP:*:Enabled:BitComet 11192 UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"M:\Program Files\BitComet\BitComet.exe" = M:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"M:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = M:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger -- File not found
"M:\Program Files\Xfire\Xfire.exe" = M:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"M:\Program Files\Mozilla Firefox\firefox.exe" = M:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"M:\Left 4 Dead\left4dead.exe" = M:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"M:\Left 4 Dead\hl2.exe" = M:\Left 4 Dead\hl2.exe:*:Enabled:hl2 -- File not found
"M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = M:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- File not found
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X -- ()
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X -- File not found
"M:\HAWX\Tom Clancy's H.A.W.X\HAWX.exe" = M:\HAWX\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:HAWX -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"M:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe" = M:\Program Files\Red Storm Entertainment\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon -- ()
"M:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = M:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"M:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = M:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"M:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = M:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"M:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = M:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"M:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = M:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"M:\Left.4.dead.2.FULL.PATCHED.DIRECTPLAY.IBBES.RIP\Left 4 dead 2\left4dead2.exe" = M:\Left.4.dead.2.FULL.PATCHED.DIRECTPLAY.IBBES.RIP\Left 4 dead 2\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"M:\Program Files\Steam\steamapps\Mojwusia\Left 4 dead 2\left4dead2.exe" = M:\Program Files\Steam\steamapps\Mojwusia\Left 4 dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
"M:\Program Files\Steam\steamapps\Mojwusia\Left 4 Dead\left4dead.exe" = M:\Program Files\Steam\steamapps\Mojwusia\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"M:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe" = M:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- ()
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found
"C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Communicator -- (Creative Team S.A.)
"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- File not found
"C:\Program Files\Konnekt\konnekt.exe" = C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core -- (Stamina)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"M:\Program Files\Steam\steamapps\Mojwusia\Left 4 Dead\hl2.exe" = M:\Program Files\Steam\steamapps\Mojwusia\Left 4 Dead\hl2.exe:*:Enabled:hl2 -- ()
"M:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe" = M:\Program Files\VUGames\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4 -- (Sierra Entertainment, Inc.)
"C:\Documents and Settings\Mojwuś\Ustawienia lokalne\Temp\~osDE7.tmp\rlvknlg.exe" = C:\Documents and Settings\Mojwuś\Ustawienia lokalne\Temp\~osDE7.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"M:\Program Files\iTunes\iTunes.exe" = M:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\Temp\~os11.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os11.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"M:\Program Files\Opera\opera.exe" = M:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"M:\Program Files\Dragon Age\bin_ship\daorigins.exe" = M:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare)
"M:\Program Files\Dragon Age\DAOriginsLauncher.exe" = M:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare)
"M:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = M:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- (TMRG, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E43D5F-5296-4D53-B303-9D951AFE510F}" = Airline Tycoon Evolution
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox tp
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{2965C062-FBC0-4505-9EB8-4497252BB41F}" = Gothic II
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{30BE2CB7-A171-48BB-9673-9211834956CC}" = OpenOffice.org 3.1
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CD4557F-E285-4F0C-C2E2-8D1794BDBFE8}" = MLB.com OnBase
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.3 - Polish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7777E08-1344-42E8-975B-6F541F9ADBD8}" = ATI Catalyst Control Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{D9B3B577-26BD-4CB2-9072-8029AE097AFE}" = Quake Live Mozilla Plugin
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"4Musics MPC to MP3 Converter 4.6_is1" = 4Musics MPC to MP3 Converter 4.6
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"AP Tuner 3.06" = AP Tuner 3.06
"AP Tuner 3.08" = AP Tuner 3.08
"AQQ" = WapSter AQQ
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"BF2142 1.50 Clan mod v 3.02" = BF2142 1.50 Clan mod v 3.02
"BitComet" = BitComet 1.13
"Budzik_is1" = Budzik 1.04
"CABAL Online (Europe)_is1" = CABAL Online
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1" = MLB.com OnBase
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digsby" = Digsby
"EADM" = EA Download Manager
"easyHDR_basic" = easyHDR BASIC
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GamingMouse" = Gaming Mouse
"GCFScape_is1" = GCFScape 1.7.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"ipla" = ipla 2.1.1
"Kain 2" = Legacy of Kain: Soul Reaver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"Konnekt" = Konnekt
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2200 Series" = Lexmark 2200 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"MpcStar" = MpcStar 4.0
"Mumble" = Mumble and Murmur
"MyWebSearch bar Uninstall" = My Web Search (Zwinky)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Notepad++" = Notepad++
"Pasjanse" = Pasjanse
"PCConfidential_is1" = PC Confidential 2008
"PhotoFiltre" = PhotoFiltre
"ProgSense_is1" = ProgSense
"PunkBusterSvc" = PunkBuster Services
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Rejestracja użytkownika drukarki Canon iP1900 series" = Rejestracja użytkownika drukarki Canon iP1900 series
"Smart-Shopper" = SmartShopper
"Softonic-en Toolbar" = Softonic-en Toolbar
"SplitCam Toolbar" = SplitCam Toolbar
"Steam App 590" = Left 4 Dead 2 Demo
"SubEdit-Player_is1" = SubEdit-Player
"Syberia_is1" = Syberia
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"vixy converter BETA_is1" = vixy converter uninstall
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Wyeke" = Wyeke 1.0 build 151
"Xfire" = Xfire (remove only)
"ZENcast Organizer" = ZENcast Organizer
"Zenses2" = Zenses2 Beta2

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-823518204-1004336348-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"I-Doser v4" = I-Doser v4

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-01-18 15:01:18 | Computer Name = MOJWA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Left 4 Dead Launcher.exe, wersja 3.2.12.0,
moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-02-09 08:58:47 | Computer Name = MOJWA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną  zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-02-09 09:00:06 | Computer Name = MOJWA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną  zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-02-09 09:00:54 | Computer Name = MOJWA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca oostart.exe, wersja 1.0.0.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-02-13 06:18:13 | Computer Name = MOJWA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną  zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-02-13 06:18:53 | Computer Name = MOJWA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca oostart.exe, wersja 1.0.0.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-02-23 10:42:58 | Computer Name = MOJWA | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną  zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-02-27 12:17:59 | Computer Name = MOJWA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd oostart.exe, wersja 1.0.0.1, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x00010a19.

Error - 2010-02-27 12:28:41 | Computer Name = MOJWA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd oostart.exe, wersja 1.0.0.1, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.3520, adres błędu 0x00010a19.

Error - 2010-03-07 06:41:29 | Computer Name = MOJWA | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca BitComet.exe, wersja 1.13.6.22, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2010-04-08 18:50:41 | Computer Name = MOJWA | Source = HTTP | ID = 15005
Description = Nie można powiązać z leżącą niżej warstwą transportową dla 0.0.0.0:2869.
Na liście IP tylko-do-nasłuchu mogą znajdować się odwołania do interfejsu, który
nie istnieje na tym komputerze. Numer błędu znajduje się w polu danych.

Error - 2010-04-24 07:18:34 | Computer Name = MOJWA | Source = Service Control Manager | ID = 7034
Description = Usługa Application Updater niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2010-04-24 07:20:06 | Computer Name = MOJWA | Source = Service Control Manager | ID = 7031
Description = Usługa Apple Mobile Device niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność
korekcyjna: Uruchom usługę ponownie.

Error - 2010-04-24 14:19:31 | Computer Name = MOJWA | Source = HTTP | ID = 15005
Description = Nie można powiązać z leżącą niżej warstwą transportową dla 0.0.0.0:2869.
Na liście IP tylko-do-nasłuchu mogą znajdować się odwołania do interfejsu, który
nie istnieje na tym komputerze. Numer błędu znajduje się w polu danych.

Error - 2010-04-24 14:19:31 | Computer Name = MOJWA | Source = HTTP | ID = 15005
Description = Nie można powiązać z leżącą niżej warstwą transportową dla 0.0.0.0:2869.
Na liście IP tylko-do-nasłuchu mogą znajdować się odwołania do interfejsu, który
nie istnieje na tym komputerze. Numer błędu znajduje się w polu danych.

Error - 2010-04-25 16:47:51 | Computer Name = MOJWA | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 2010-05-11 13:44:57 | Computer Name = MOJWA | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2010-05-11 13:44:57 | Computer Name = MOJWA | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-05-11 13:56:22 | Computer Name = MOJWA | Source = Ftdisk | ID = 262189
Description = System nie może pomyślnie załadować sterownika zrzutu awaryjnego.

Error - 2010-05-11 13:56:23 | Computer Name = MOJWA | Source = Ftdisk | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.


< End of report >


And with GMER something keeps messing up for me... ;f
http://www.wklej.org/id/332329/
God has grown bored of me...

Post by wojtas, 12 May 2010, 10:48

Apply:
http://support.kaspersky.com/pl/faq/?qid=208280698
and show the report in a new post.

Download and save to C:
http://www.sendspace.com/file/05hg8c

Run OTL and paste the following into the Custom Scans/Fixes window:
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{17AA6CD3-6AB9-4BF8-9C4E-29F652D06CB2}
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\URLSearchHook: {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SplitCam Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {4CFC8387-5FB1-47C1-8AA4-5B7B906A591E}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin [2010-02-24 18:23:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2010-03-08 18:09:24 | 000,000,000 | ---D | M]
C:\Documents and Settings\Mojwuś\Dane aplikacji\Mozilla\Firefox\Profiles\lk8xjjnq.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2009-09-22 20:42:23 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Mojwuś\Dane aplikacji\Mozilla\Firefox\Profiles\lk8xjjnq.default\searchplugins\bing.xml
[2010-02-25 21:24:18 | 000,009,977 | ---- | M] () -- C:\Documents and Settings\Mojwuś\Dane aplikacji\Mozilla\Firefox\Profiles\lk8xjjnq.default\searchplugins\mywebsearch.xml
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Smart-Shopper) - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.6.71\Smrt-Shpr.dll (SmartShopper Networks)
O2 - BHO: (Softonic-en Toolbar) - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Softonic-en Toolbar) - {983ad4d4-8b63-442f-8684-fbc1c067949c} - C:\Program Files\Softonic-en\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\Toolbar\WebBrowser: (SplitCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\Toolbar\WebBrowser: (Softonic-en Toolbar) - {983AD4D4-8B63-442F-8684-FBC1C067949C} - C:\Program Files\Softonic-en\tbSof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-823518204-1004336348-839522115-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-823518204-1004336348-839522115-1004..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKU\S-1-5-21-823518204-1004336348-839522115-1004..\Run: [diarook] C:\Documents and Settings\Mojwuś\diarook.exe (Microsoft)
O4 - HKU\S-1-5-21-823518204-1004336348-839522115-1004..\Run: [M5T8QL3YW3] C:\Documents and Settings\Mojwuś\Ustawienia lokalne\Temp\Hs1.exe ()
O4 - HKU\S-1-5-21-823518204-1004336348-839522115-1004..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - Startup: C:\Documents and Settings\Mojwuś\Menu Start\Programy\Autostart\ctfmon.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O32 - AutoRun File - [2010-05-11 20:05:31 | 000,000,160 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-05-11 20:05:31 | 000,000,160 | RHS- | M] () - M:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4276d76f-edab-11de-b026-0013d3f2bc47}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{59326b92-9bc6-11de-b003-0013d3f2bc47}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{9bd21a42-989d-11de-b001-0013d3f2bc47}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{c327b5a5-6e17-11de-afe6-0013d3f2bc47}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{c327b5b1-6e17-11de-afe6-0013d3f2bc47}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found

:Files
C:\DOCUME~1\MOJWU~1\USTAWI~1\Temp\Hs1.exe
C:\Program Files\RelevantKnowledge
C:\Documents and Settings\Mojwuś\diarook.exe
C:\Documents and Settings\All Users\Dane aplikacji\Wyeke
C:\Program Files\Wyeke
C:\Program Files\MyWebSearch
C:\Program Files\Application Updater
C:\Documents and Settings\Mojwuś\Menu Start\Programy\Autostart\ctfmon.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds1.dll
C:\WINDOWS\system32\sshnas21.dll
C:\Program Files\Winamp Toolbar
C:\Program Files\Smart-Shopper
C:\Program Files\SplitCam Toolbar
C:\Program Files\pdfforge Toolbar
C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Documents and Settings\Mojwuś\Pulpit\HiJackThis.msi
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1004336348-839522115-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Hmalib.exe
C:\WINDOWS\Hmalia.exe
C:\Documents and Settings\Mojwuś\Dane aplikacji\Search Settings
C:\Documents and Settings\Mojwuś\Dane aplikacji\Smart-Shopper
C:\WINDOWS\System32\ws2_32.dll|C:\ws2_32.dll /replace

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Mojwuś\Ustawienia lokalne\Temp\~osDE7.tmp\rlvknlg.exe"=-
"C:\WINDOWS\Temp\~os11.tmp\rlvknlg.exe"=-
"c:\program files\relevantknowledge\rlvknlg.exe"=-

:Services
SSHNAS
MyWebSearchService
Application Updater
Wyeke Service

:Commands
[emptytemp]
[resethosts]
[emptyflash]
[clearallrestorepoints]

Click Run Fix. And confirm the computer restart.

Then run OTL with the Run Scan option. Post the new OTL.txt log and the report from cleaning the computer + the Gmer log + USBFix from option 5
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656




Post by Mojwa92 12 May 2010, 18:38

USBfix: http://wklej.org/id/332664/
GMER: http://wklej.org/id/332666/
OTL: http://wklej.org/id/332669/

I don't have that report, I figured out too late that I had to set something extra ;f




Post by wojtas 12 May 2010, 19:42

in that case post a log from Combofix otl-dds-combofix-vt117885.html




Post by Mojwa92 12 May 2010, 22:19

Code: Select all
ComboFix 10-05-12.01 - Mojwuś 2010-05-12  21:38:38.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.1023.659 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mojwuś\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Dane aplikacji\hpe1677.dll
c:\documents and settings\All Users\Dane aplikacji\Toolbar4
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\6bfddd8645741b46504fb8551630bd57
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\6e585a4f6f9c6d04ca5051bf15e7b1f4
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\88e28a67c3c49d3518cb9acad4482547
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d07510b741bd23d4aad1749f528c1ed3
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d8ea4c9bb43f7b6eb8cb4c444ec42a4c
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\9dca2fee2d37a01876cf09304ae974f8
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\orange-install.ico
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\All Users\Dane aplikacji\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\documents and settings\All Users\Dane aplikacji\Wyeke
c:\documents and settings\All Users\Dane aplikacji\Wyeke\wyeke151.exe
c:\documents and settings\Mojwuś\ggmtxbuj.exe
C:\opgde.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0064D441
c:\program files\MyWebSearch\bar\Cache\00FD8AAD.bin
c:\program files\MyWebSearch\bar\Cache\00FD8E37.bin
c:\program files\MyWebSearch\bar\Cache\00FD8F7F.bin
c:\program files\MyWebSearch\bar\Cache\00FD90D7.bin
c:\program files\MyWebSearch\bar\Cache\00FD923E.bin
c:\program files\MyWebSearch\bar\Cache\00FD9377.bin
c:\program files\MyWebSearch\bar\Cache\00FD94AF.bin
c:\program files\MyWebSearch\bar\Cache\0A46165E.bin
c:\program files\MyWebSearch\bar\Cache\0A461AD2.bin
c:\program files\MyWebSearch\bar\Cache\13E01AFE.exe
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\msvcp71.dll
c:\program files\RelevantKnowledge\msvcr71.dll
c:\program files\RelevantKnowledge\rlls.dl_
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.6.71\Smrt-Shpr.dll
c:\program files\Smart-Shopper\Uninst.exe
c:\program files\Wyeke
c:\program files\Wyeke\uninstall.exe
c:\program files\Wyeke\wyeke.dll
c:\program files\Wyeke\wyeke.exe
c:\program files\Wyeke\Wyeke_deleted_\wyeke.dll
c:\program files\Wyeke\Wyeke_deleted_\wyeke.exe
c:\program files\Wyeke\Wyeke_deleted0\wyeke.dll
c:\program files\Wyeke\Wyeke_deleted0\wyeke.exe
c:\recycled\Recycled
c:\windows\Hmalia.exe
c:\windows\Hmalib.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\scvideo.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
M:\autorun.inf
M:\opgde.exe

Zainfekowana kopia c:\windows\system32\drivers\rasacd.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty had a snack :p
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Legacy_WYEKE_SERVICE
-------\Service_MyWebSearchService
-------\Service_SSHNAS
-------\Service_Wyeke Service


(((((((((((((((((((((((((   Pliki utworzone od 2010-04-12 do 2010-05-12  )))))))))))))))))))))))))))))))
.

2010-05-12 12:49 . 2010-05-12 16:30   --------   d-----w-   C:\UsbFix
2010-05-12 12:15 . 2010-05-12 12:15   --------   d-----w-   C:\_OTL
2010-05-12 12:11 . 2010-05-12 12:11   82944   ----a-w-   C:\ws2_32.dll
2010-05-07 19:52 . 2010-05-07 19:52   41872   ----a-w-   c:\windows\system32\xfcodec.dll
2010-05-07 15:33 . 2010-05-07 15:33   --------   d-----w-   c:\program files\Notepad++
2010-05-06 19:08 . 2010-05-06 19:08   --------   d-----w-   c:\program files\easyHDR BASIC
2010-04-26 18:55 . 2010-04-26 18:55   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2010-04-26 18:53 . 2008-05-16 09:33   115752   ----a-w-   c:\windows\system32\drivers\s0016unic.sys
2010-04-26 18:53 . 2008-05-16 09:33   10792   ----a-w-   c:\windows\system32\drivers\s0016cr.sys
2010-04-26 18:53 . 2008-05-16 09:33   25512   ----a-w-   c:\windows\system32\drivers\s0016nd5.sys
2010-04-26 18:53 . 2008-05-16 09:33   114216   ----a-w-   c:\windows\system32\drivers\s0016mgmt.sys
2010-04-26 18:53 . 2008-05-16 09:33   110632   ----a-w-   c:\windows\system32\drivers\s0016obex.sys
2010-04-26 18:53 . 2008-05-16 09:33   15016   ----a-w-   c:\windows\system32\drivers\s0016mdfl.sys
2010-04-26 18:53 . 2008-05-16 09:33   89256   ----a-w-   c:\windows\system32\drivers\s0016bus.sys
2010-04-26 18:53 . 2008-05-16 09:33   12200   ----a-w-   c:\windows\system32\drivers\s0016whnt.sys
2010-04-26 18:53 . 2008-05-16 09:33   12200   ----a-w-   c:\windows\system32\drivers\s0016wh.sys
2010-04-26 18:53 . 2008-05-16 09:33   12200   ----a-w-   c:\windows\system32\drivers\s0016cmnt.sys
2010-04-26 18:53 . 2008-05-16 09:33   12200   ----a-w-   c:\windows\system32\drivers\s0016cm.sys
2010-04-26 18:53 . 2008-05-16 09:33   120744   ----a-w-   c:\windows\system32\drivers\s0016mdm.sys
2010-04-26 18:52 . 2010-04-26 18:52   --------   d-----w-   c:\program files\Sony Ericsson
2010-04-26 18:52 . 2010-04-26 18:52   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2010-04-19 13:26 . 2010-04-19 13:26   --------   d-----w-   c:\program files\Audacity
2010-04-18 20:55 . 2010-04-18 20:55   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2010-04-18 20:54 . 2010-04-18 20:55   --------   d-----w-   c:\program files\WorldOfGoo
2010-04-15 19:24 . 2010-04-15 19:24   --------   d-----w-   c:\program files\VSO

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 19:38 . 2010-03-14 18:44   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-12 12:32 . 2009-07-11 14:43   --------   d-----w-   c:\program files\Winamp Toolbar
2010-05-11 20:48 . 2009-09-19 20:37   --------   d-----w-   c:\program files\Softonic-en
2010-04-30 15:42 . 2009-07-11 10:06   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-04-14 20:34 . 2010-03-12 20:21   --------   d-----w-   c:\program files\Google
2010-04-01 13:12 . 2010-04-01 13:12   --------   d-----w-   c:\program files\LogMeIn Hamachi
2010-03-28 20:29 . 2009-07-11 18:08   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-03-28 16:27 . 2010-03-28 16:27   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\BioWare
2010-03-28 15:52 . 2009-10-28 21:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-28 15:51 . 2009-10-28 21:31   --------   d-----w-   c:\program files\AGEIA Technologies
2010-03-28 15:50 . 2010-03-28 15:16   --------   d-----w-   c:\program files\Common Files\BioWare
2010-03-28 08:36 . 2006-03-02 12:00   89874   ----a-w-   c:\windows\system32\perfc015.dat
2010-03-28 08:36 . 2006-03-02 12:00   503306   ----a-w-   c:\windows\system32\perfh015.dat
2010-03-10 23:24 . 2010-03-10 23:24   13824   ----a-w-   c:\windows\system32\drivers\splitcam.sys
2010-03-03 00:02 . 2010-03-03 00:02   72488   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17   700416   ----a-w-   c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2010-04-21 6738432]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"diarook"="c:\documents and settings\Mojwuś\diarook.exe" [2010-05-11 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-16 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2009-11-10 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Mojwu˜\Menu Start\Programy\Autostart\
ctfmon.exe [2006-10-24 40960]
Xfire.lnk - m:\program files\Xfire\Xfire.exe [2010-5-7 3475856]

c:\documents and settings\Mojwu˜\Menu Start\Programy\Autostart\
ctfmon.exe [2006-10-24 40960]
Xfire.lnk - m:\program files\Xfire\Xfire.exe [2010-5-7 3475856]

c:\documents and settings\Mojwu˜\Menu Start\Programy\Autostart\
ctfmon.exe [2006-10-24 40960]
Xfire.lnk - m:\program files\Xfire\Xfire.exe [2010-5-7 3475856]

c:\documents and settings\Mojwu˜\Menu Start\Programy\Autostart\
ctfmon.exe [2006-10-24 40960]
Xfire.lnk - m:\program files\Xfire\Xfire.exe [2010-5-7 3475856]

[HKLM\~\startupfolder\C:^Documents and Settings^Mojwuś^Menu Start^Programy^Autostart^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Mojwuś\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06   1848648   ----a-w-   c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20   689488   ----a-w-   c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 10:08   397312   ------w-   m:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07   141608   ----a-w-   m:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
2005-05-24 21:41   503808   ----a-w-   c:\program files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
2004-02-13 06:34   57344   ----a-w-   c:\program files\Lexmark 2200 Series\lxbvbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16   1820040   ----a-w-   c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08   417792   ----a-w-   c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherBugAlert]
2009-07-08 07:31   442368   ----a-w-   c:\program files\AWS\WeatherBug Alert\WeatherBugAlert.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37   37888   ----a-w-   m:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"m:\\Program Files\\BitComet\\BitComet.exe"=
"m:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"m:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"m:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"=
"m:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"m:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"m:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"m:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"m:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"m:\\Program Files\\Steam\\steamapps\\Mojwusia\\Left 4 dead 2\\left4dead2.exe"=
"m:\\Program Files\\Steam\\steamapps\\Mojwusia\\Left 4 Dead\\left4dead.exe"=
"m:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"m:\\Program Files\\Steam\\steamapps\\Mojwusia\\Left 4 Dead\\hl2.exe"=
"m:\\Program Files\\VUGames\\SWAT 4\\Content\\System\\Swat4.exe"=
"m:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"m:\\Program Files\\Opera\\opera.exe"=
"m:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"m:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"m:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22328:TCP"= 22328:TCP:BitComet 22328 TCP
"22328:UDP"= 22328:UDP:BitComet 22328 UDP
"11192:TCP"= 11192:TCP:BitComet 11192 TCP
"11192:UDP"= 11192:UDP:BitComet 11192 UDP

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-04-26 90112]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2010-02-06 42880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-02-06 16512]
S3 DAUpdaterSvc;Dragon Age: Początek - Aktualizator zawartości;m:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-03-28 25832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-04-26 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-04-26 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-04-26 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-04-26 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-04-26 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-04-26 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-04-26 115752]
S3 zlportio;zlportio;\??\m:\downloads\Ultrastar.Rock.Ballads.2007.ENGLiSH-ULTRASTAR\ultrastar\zlportio.sys --> m:\downloads\Ultrastar.Rock.Ballads.2007.ENGLiSH-ULTRASTAR\ultrastar\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:21]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 20:21]

2010-02-24 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2010-02-24 13:10]

2010-05-12 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-02-24 13:48]

2010-05-11 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-02-24 13:34]
.
.
------- Skan uzupełniający -------
.
uStart Page =
mStart Page = hxxp://www.bigseekpro.com/splitcam/{17AA6CD3-6AB9-4BF8-9C4E-29F652D06CB2}
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - m:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - m:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - m:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - m:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Mojwuś\Dane aplikacji\Mozilla\Firefox\Profiles\lk8xjjnq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: m:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: m:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: m:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: m:\program files\Opera\program\plugins\NPOFF12.DLL
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: m:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: m:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: m:\program files\Opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13m:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
m:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
m:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
m:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{983ad4d4-8b63-442f-8684-fbc1c067949c} - (no file)
Toolbar-{983ad4d4-8b63-442f-8684-fbc1c067949c} - (no file)
WebBrowser-{983AD4D4-8B63-442F-8684-FBC1C067949C} - (no file)
MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-Ashampoo Burning Studio 8_is1 - m:\program files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe
AddRemove-BF2142 1.50 Clan mod v 3.02 - m:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\Uninstall_clanmod.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe
AddRemove-Steam App 590 - c:\program files\Steam\steam.exe
AddRemove-Syberia_is1 - m:\program files\Kolekcja Klasyki\Syberia\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 21:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86191EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7620fc3
\Driver\ACPI -> ACPI.sys @ 0xf74b2cb8
\Driver\atapi -> atapi.sys @ 0xf746a7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Karta Fast Ethernet zgodna z VIA -> SendCompleteHandler -> NDIS.sys @ 0xf7364ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7371b21
SendHandler -> NDIS.sys @ 0xf734f87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Winferno\PC Confidential\PCCBHO.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\documents and settings\Mojwuś\Menu Start\Programy\Autostart\ctfmon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Czas ukończenia: 2010-05-12  21:55:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-05-12 19:55

Przed: 5 768 704 000 bajtów wolnych
Po: 6 400 974 848 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - FA0A919C8346820E9748AE3ED679E750
God has grown bored of me...

Post by wojtas, 12 May 2010, 22:24

In Add/Remove Programs, uninstall:
Winamp Toolbar
pdfforge Toolbar


Open Notepad and paste this into it:

Folder::
c:\program files\Application Updater

FCopy::
c:\ws2_32.dll | c:\windows\system32\System32\ws2_32.dll

Driver::
Application Updater



>> File >> Save As... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal will start and a log will be created; post it, plus a new log from Gmer.

Post by Mojwa92, 13 May 2010, 23:50

Combo: http://wklej.org/id/333439/
GMER: http://wklej.org/id/333440/

Eh, does anyone have an idea what's going on with Chrome?
I tried a reinstall but it's still the same: I launch it, an error pops up saying the application will be closed. Eh. And round and round it goes.
God has grown bored of me...

Post by wojtas, 14 May 2010, 08:47

Use http://support.kaspersky.com/viruses/solutions?qid=208280684 . A report will be generated; post it in your next post.

Download and extract to C:
http://www.sendspace.com/file/01kh6r


Open Notepad and paste this into it:

FCopy::
c:\rasacd.sys | c:\windows\system32\dllcache\rasacd.sys
c:\rasacd.sys | c:\windows\system32\drivers\rasacd.sys
c:\atapi.sys | c:\windows\system32\dllcache\atapi.sys
c:\atapi.sys | c:\windows\system32\drivers\atapi.sys



>> File >> Save As... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal will start and a log will be created; post it, plus the TDSSKiller report and a new Gmer log.