Problem removing an exceptionally stubborn piece of malware


(Danadol) #1

I have a very serious problem with the Windows XP operating system. Yesterday I bought myself a NETGEAR Wi-Fi router. Having serious trouble installing the device, I decided to look for a solution on the manufacturer's website. And that is where my problem started. When I opened the site (the look and the address matched), my antivirus (Avast Internet Security) displayed a message about a detected threat. Stupidly, I assumed that some ad had simply been mistakenly flagged as dangerous, so of course I ignored the message and paused the shields for a moment. As a result, a moment later, when the shields started working again, Avast popped up a message that a threat had been detected in the "explorer.exe" process. Of course I immediately started a scan of the computer. The scan did not complete; it froze at about 98% (interestingly, it is still running and cannot be stopped), and the computer rebooted. After the restart, Avast started without any working shield. In addition, Windows Defender, installed on the same system, cannot start either. I have already tried everything: from running Avast on the second system (I also have Windows 7 on a second partition), which helped a little by removing some of the infected files, through Arcanix (a 2010 build), which also removed a thing or two. Not forgetting the antiviruses from two PE systems (which detected nothing), and the Avast vaccine, which could not scan some of the files at all. Finally, when I had completely run out of ideas, I wanted to dump the logs from HijackThis, but during the scan the program shut down and can no longer be started. It was probably neutralized by that virus. Is there any option left for removing this virus other than formatting the system? And are there any other programs similar to HijackThis, so that maybe I could manage to post some logs?

Thanks in advance for your help.


(krzych5610) #2

Run a scan using Kaspersky Rescue Disk 10 - http://support.kaspersky.com/pl/faq/?qid=208282170.

The scanner must be burned to a CD as an ISO image (the burn function).

The computer must be booted with the disc in the drive, and the start of the scan must be confirmed. If you use a USB stick, plug it into USB before starting the scanners.

Scanning with Kaspersky Rescue Disk

Boot the computer with the burned disc in the CD/DVD drive. Confirm within 9 s that you want to scan, select the interface language (Polish), and confirm that you have read the terms - a litany of text. At the bottom, in the bar, there is the letter A (highlight it and press Enter).

We enter the partition menu. If you have an active permanent Internet connection, you can run an additional update of the scanner's database.

In the settings, find the advanced item and set the heuristics mode to max.

Start the scan....

Prepare the CD on a working PC.


(Spandau) #3

Since I think OTL will shut down as well, download Kaspersky TDSSKiller; instructions: [http://www.fixitpc.pl/topic/8-dezynfekc ... #entry6814](http://www.fixitpc.pl/topic/8-dezynfekcja-zbior-narzedzi-usuwajacych/page p 6814) If the program detects something, choose Skip and post the report on the forum.


(Danadol) #4

Here is the log you asked for

19:47:13.0718 2276	TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

19:47:14.0000 2276	============================================================

19:47:14.0000 2276	Current date / time: 2011/10/18 19:47:14.0000

19:47:14.0000 2276	SystemInfo:

19:47:14.0000 2276	

19:47:14.0000 2276	OS Version: 5.1.2600 ServicePack: 3.0

19:47:14.0000 2276	Product type: Workstation

19:47:14.0000 2276	ComputerName: VITHAR-D0EF8549

19:47:14.0000 2276	UserName: Vithar

19:47:14.0000 2276	Windows directory: C:\WINDOWS

19:47:14.0000 2276	System windows directory: C:\WINDOWS

19:47:14.0000 2276	Processor architecture: Intel x86

19:47:14.0000 2276	Number of processors: 2

19:47:14.0000 2276	Page size: 0x1000

19:47:14.0000 2276	Boot type: Normal boot

19:47:14.0000 2276	============================================================

19:47:16.0781 2276	Initialize success

19:47:34.0906 2736	============================================================

19:47:34.0906 2736	Scan started

19:47:34.0906 2736	Mode: Manual; 

19:47:34.0906 2736	============================================================


19:47:38.0531 2736	c0769c25 - ok


19:47:45.0359 2736	sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

19:47:45.0359 2736	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

19:47:45.0359 2736	sptd ( LockedFile.Multi.Generic ) - warning

19:47:45.0359 2736	sptd - detected LockedFile.Multi.Generic (1)


19:47:46.0484 2736	============================================================

19:47:46.0484 2736	Scan finished

19:47:46.0484 2736	============================================================

19:47:46.0484 2728	Detected object count: 1

19:47:46.0484 2728	Actual detected object count: 1

19:47:56.0828 2728	sptd ( LockedFile.Multi.Generic ) - skipped by user

19:47:56.0828 2728	sptd ( LockedFile.Multi.Generic ) - User select action: Skip

As for Kaspersky Rescue Disk, it found and removed 3 pieces of malware, but on the second system Avast and Windows Defender still do not work; moreover, although the network indicator shows a connection, Task Manager shows that no network card is attached, and it is impossible to connect to the Internet.

-- Added 18.10.2011 (Tue) 19:57 --

As a side note, the "logging" program did indeed detect something


(Spandau) #5

What Kaspersky TDSSKiller detected is the sptd.sys driver, from e.g. Daemon Tools; it is legitimate, so the Skip option is correct. The thing is, you ran a Kaspersky Rescue Disk scan and you write that it detected some 3 pieces of malware; maybe it removed some infected driver?

In that case, please provide OTL reports; try to download and run the OTL.scr version http://oldtimer.geekstogo.com/OTL.scr If it works, run a scan and post the resulting report on the forum.
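Added example (not part of the thread and not code from any tool mentioned in it): a Python triage of the TDSSKiller report format posted in #4, pulling out every object whose verdict is not "ok", the action the user chose, and services that were listed without a driver file. The sample lines are copied from that report; the function names and the 8-hex-digit name check are assumptions of this example, not TDSSKiller logic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the TDSSKiller report in post #4; the tab after the
# thread id is replaced by a space here.
SAMPLE_LOG = r"""
19:47:38.0500 2736 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
19:47:38.0500 2736 BVRPMPR5 - ok
19:47:38.0531 2736 c0769c25 - ok
19:47:38.0718 2736 Changer - ok
19:47:45.0359 2736 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
19:47:45.0359 2736 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
19:47:45.0359 2736 sptd ( LockedFile.Multi.Generic ) - warning
19:47:45.0359 2736 sptd - detected LockedFile.Multi.Generic (1)
19:47:46.0187 2736 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
19:47:46.0187 2736 \Device\Harddisk2\DR2 - ok
19:47:56.0828 2728 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.+)$")
# "<service> (<md5>) <driver path>"
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "MBR (0x1B8) (<md5>) <device>" / "Boot (0x1200) (<md5>) <partition>"
MBR_BOOT = re.compile(r"^(?:MBR|Boot) \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (.+)$")
OK = re.compile(r"^(.+) - ok$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # hash of the file or sector, if one was read
    path: Optional[str] = None     # driver file, disk device or partition
    verdict: str = "unknown"       # "ok" or the detection name
    action: Optional[str] = None   # what the user chose, e.g. "Skip"


def parse_report(text: str) -> Dict[str, Entry]:
    """Fold the per-object lines of a report into one Entry per object."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, anything that is not a log line
        msg = line.group(1).strip()
        if (m := MBR_BOOT.match(msg)):
            e = get(m.group(2))
            e.md5, e.path = m.group(1), m.group(2)
        elif (m := OBJECT.match(msg)):
            e = get(m.group(1))
            e.md5, e.path = m.group(2), m.group(3)
        elif (m := ACTION.match(msg)):
            get(m.group(1)).action = m.group(3)
        elif (m := DETECTED.match(msg)):
            get(m.group(1)).verdict = m.group(2)
        elif (m := OK.match(msg)):
            get(m.group(1)).verdict = "ok"
    return entries


def detections(entries: Dict[str, Entry]) -> List[Tuple[str, str, Optional[str], Optional[str]]]:
    """Objects with a detection name: (name, verdict, user action, path)."""
    return [(e.name, e.verdict, e.action, e.path)
            for e in entries.values() if e.verdict not in ("ok", "unknown")]


def name_only(entries: Dict[str, Entry]) -> List[str]:
    """Services reported "ok" although no driver file was listed for them.
    Many stock XP service keys look like this, so it is a review list only."""
    return [e.name for e in entries.values() if e.verdict == "ok" and e.path is None]


def review_candidates(entries: Dict[str, Entry]) -> List[str]:
    """Assumption of this example: a file-less service whose name is exactly
    eight hex digits is worth checking against the other tools' reports."""
    return [n for n in name_only(entries) if re.fullmatch(r"[0-9a-f]{8}", n)]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print("detections:       ", detections(parsed))
    print("no driver file:   ", name_only(parsed))
    print("review candidates:", review_candidates(parsed))
```

On the report from post #4 the only detection is sptd with the Skip action, and the one review candidate, c0769c25, is the name that appears as Service_c0769c25 in the ComboFix report posted in #9.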


(Danadol) #6

Here are the logs

http://chomikuj.pl/dawidusdb

Unfortunately in this form, because that much text cannot be put into a post.


(Drobok) #7

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html


(Spandau) #8

I looked through that huge OTL log (you don't set all the options to All, only to Use Safe list), but to the point. I found in the log

And these are components of the ZeroAccess rootkit. Kaspersky TDSSKiller detected nothing because you had earlier used the scanner from the disc. I hope the scanner did not by any chance remove some system driver.

Please download ComboFix and run it with a double-click http://www.fixitpc.pl/topic/7-dezynfekc ... -combofix/ When the tool finishes its work, post the report on the forum.


(Danadol) #9

And here is the log from ComboFix

ComboFix 11-10-20.05 - Vithar 2011-10-20 22:46:28.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3325.2901 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Vithar\Pulpit\ComboFix.exe

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB41900$

c:\windows\$NtUninstallKB41900$\3228998693\@

c:\windows\$NtUninstallKB41900$\3228998693\L\pgamppig

c:\windows\$NtUninstallKB41900$\3228998693\U\$00000001

c:\windows\$NtUninstallKB41900$\3228998693\U\$000000c0

c:\windows\$NtUninstallKB41900$\3228998693\U\$000000cb

c:\windows\$NtUninstallKB41900$\3228998693\U\$000000cf

c:\windows\$NtUninstallKB41900$\3228998693\U\$80000000

c:\windows\$NtUninstallKB41900$\3228998693\U\$800000c0

c:\windows\$NtUninstallKB41900$\3228998693\U\$800000cb

c:\windows\$NtUninstallKB41900$\3228998693\U\$800000cf

c:\windows\$NtUninstallKB41900$\4170485322

c:\windows\IsUn0415.exe

c:\windows\system32\d3d9caps.dat

c:\windows\system32\muzapp.exe

.

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_c0769c25

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-09-20 do 2011-10-20 )))))))))))))))))))))))))))))))

.

.

2011-10-17 22:39 . 2011-10-18 19:34	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0

2011-10-17 18:39 . 2011-10-17 18:39	--------	d-----w-	c:\program files\Trend Micro

2011-10-16 18:11 . 2011-10-17 10:46	--------	d-sh--w-	c:\documents and settings\Vithar\Ustawienia lokalne\Dane aplikacji\c0769c25

2011-10-16 18:11 . 2011-10-16 18:11	--------	d-----w-	c:\windows\Sun

2011-10-16 15:42 . 2010-06-22 02:51	49904	----a-r-	c:\windows\system32\drivers\BVRPMPR5.SYS

2011-10-16 15:39 . 2011-10-16 17:29	--------	d-----w-	C:\Netgear

2011-10-16 15:36 . 2011-10-16 17:43	56200	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\{314B19D8-FAFF-4702-9B75-EE48E7C0FBEB}\offreg.dll

2011-10-14 11:42 . 2011-09-12 23:14	7269712	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\{314B19D8-FAFF-4702-9B75-EE48E7C0FBEB}\mpengine.dll

2011-10-11 18:18 . 2011-10-11 18:18	--------	d-----w-	c:\program files\Common Files\PCSuite

2011-10-09 15:17 . 2011-10-09 15:17	--------	d-----w-	c:\documents and settings\Vithar\Dane aplikacji\DDMSettings

2011-10-09 14:49 . 2011-10-09 14:49	--------	d-----w-	c:\documents and settings\Vithar\Ustawienia lokalne\Dane aplikacji\PCHealth

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-20 20:46 . 2011-05-19 02:12	17488	----a-w-	c:\windows\gdrv.sys

2011-09-26 09:41 . 2008-07-29 17:59	614400	----a-w-	c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2004-08-04 12:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2004-08-04 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll

2011-09-12 23:14 . 2011-05-19 23:51	7269712	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-09-09 09:12 . 2011-05-27 20:01	602624	----a-w-	c:\windows\system32\crypt32.dll

2011-09-06 20:45 . 2011-05-19 23:36	41184	----a-w-	c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-05-19 23:36	199304	----a-w-	c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-05-19 23:36	111320	----a-w-	c:\windows\system32\drivers\aswFW.sys

2011-09-06 20:38 . 2011-05-19 23:36	442200	----a-w-	c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-05-19 23:36	320856	----a-w-	c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:37 . 2011-05-19 23:36	195416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys

2011-09-06 20:36 . 2011-05-19 23:36	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-05-19 23:36	52568	----a-w-	c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-05-19 23:36	110552	----a-w-	c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2011-05-19 23:36	104536	----a-w-	c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2011-05-19 23:36	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2011-05-19 23:36	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys

2011-09-06 14:10 . 2011-05-27 20:01	1859200	----a-w-	c:\windows\system32\win32k.sys

2011-08-29 17:06 . 2011-05-19 21:46	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-22 23:40 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll

2011-08-22 23:40 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll

2011-08-22 23:40 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl

2011-08-22 11:58 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec

2011-08-17 13:49 . 2011-05-27 20:01	138496	----a-w-	c:\windows\system32\drivers\afd.sys

2011-07-26 21:08 . 2011-05-22 17:58	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]

"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-09 20880]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-01-19 1976944]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]

"Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-01-23 3302232]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Vithar\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

VPro520.lnk - c:\windows\VPro520.exe [2011-5-19 73728]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

"e:\\eMule\\eMule.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Common\\Runes of Magic\\Client.exe"=

"g:\\Common\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"h:\\XP\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"h:\\XP\\Km TPR\\KM_TPR.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-05-20 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-05-20 195416]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-05-20 717296]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-05-19 18984]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-05-20 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-05-20 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-05-20 20568]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-05-20 127192]

R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-05-19 219360]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2011-05-19 68136]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-11-20 58880]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-11-20 137728]

R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2011-05-19 85504]

R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2011-05-19 7680]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-05-19 30392]

S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-05-20 111320]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-19 1691480]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Zawartość folderu 'Zaplanowane zadania'

.

2011-10-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

2011-10-20 c:\windows\Tasks\User_Feed_Synchronization-{A1FDC5F8-98A1-4F54-94B2-70AD2216373D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Skan uzupełniający -------

.

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 178.214.159.138 178.214.157.10

FF - ProfilePath - c:\documents and settings\Vithar\Dane aplikacji\Mozilla\Firefox\Profiles\9q2p8n5m.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

HKLM-Run-NWEReboot - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-20 22:56

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

.

skanowanie ukrytych procesów ...  

.

skanowanie ukrytych wpisów autostartu ... 

.

skanowanie ukrytych plików ...  

.

skanowanie pomyślnie ukończone

ukryte pliki: 0

.

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

.

- - - - - - - > 'winlogon.exe'(828)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3156)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

c:\program files\LClock\LC.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\System32\wudfhost.exe

.

**************************************************************************

.

Czas ukończenia: 2011-10-20 22:58:41 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2011-10-20 20:58

.

Przed: 6 169 427 968 bajtów wolnych

Po: 6 064 615 424 bajtów wolnych

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 000B6610E5947D52923796332CC9E533


No positive changes; the computer still runs without any ability to communicate with the network, without an antivirus, and somewhat sluggishly (only the Win XP system; 7 fortunately still works).


(Spandau) #10

Uninstall the remnants of the Avast antivirus: http://www.avast.com/uninstall-utility The tool should be used in Windows safe mode.

Paste into Notepad:

Save the file as CFScript; ideally the icon of this file should sit next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.

Next, download OTL (otl-gmer-rsit-dss-inne-instrukcje-t370405.html), run a scan, and show the reports on the forum.

Paste the logs at http://www.wklej.org/ and put a link to the paste in your post.

Then Start - Run - type regedit and press Enter. Go to the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, right-click AFD, and choose Export from the menu. Save the .reg file. Please upload it to some hosting service and give a link to it in your post.


(Danadol) #11

ComboFix log

ComboFix 11-10-20.05 - Vithar 2011-10-21 21:03:36.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3325.2598 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Vithar\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Vithar\Pulpit\CFScript.txt

.

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Vithar\USTAWI~1\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll

c:\documents and settings\Vithar\Ustawienia lokalne\Dane aplikacji\c0769c25

c:\documents and settings\Vithar\Ustawienia lokalne\Dane aplikacji\c0769c25\@

c:\documents and settings\Vithar\Ustawienia lokalne\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-09-21 do 2011-10-21 )))))))))))))))))))))))))))))))

.

.

2011-10-17 22:39 . 2011-10-18 19:34	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0

2011-10-17 18:39 . 2011-10-17 18:39	--------	d-----w-	c:\program files\Trend Micro

2011-10-16 18:11 . 2011-10-16 18:11	--------	d-----w-	c:\windows\Sun

2011-10-16 15:42 . 2010-06-22 02:51	49904	----a-r-	c:\windows\system32\drivers\BVRPMPR5.SYS

2011-10-16 15:39 . 2011-10-16 17:29	--------	d-----w-	C:\Netgear

2011-10-16 15:36 . 2011-10-16 17:43	56200	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\{314B19D8-FAFF-4702-9B75-EE48E7C0FBEB}\offreg.dll

2011-10-14 11:42 . 2011-09-12 23:14	7269712	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\{314B19D8-FAFF-4702-9B75-EE48E7C0FBEB}\mpengine.dll

2011-10-11 18:18 . 2011-10-11 18:18	--------	d-----w-	c:\program files\Common Files\PCSuite

2011-10-09 15:17 . 2011-10-09 15:17	--------	d-----w-	c:\documents and settings\Vithar\Dane aplikacji\DDMSettings

2011-10-09 14:49 . 2011-10-09 14:49	--------	d-----w-	c:\documents and settings\Vithar\Ustawienia lokalne\Dane aplikacji\PCHealth

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-21 19:02 . 2011-05-19 02:12	17488	----a-w-	c:\windows\gdrv.sys

2011-09-26 09:41 . 2008-07-29 17:59	614400	----a-w-	c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2004-08-04 12:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2004-08-04 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll

2011-09-12 23:14 . 2011-05-19 23:51	7269712	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-09-09 09:12 . 2011-05-27 20:01	602624	----a-w-	c:\windows\system32\crypt32.dll

2011-09-06 20:45 . 2011-05-19 23:36	41184	----a-w-	c:\windows\avastSS.scr

2011-09-06 14:10 . 2011-05-27 20:01	1859200	----a-w-	c:\windows\system32\win32k.sys

2011-08-29 17:06 . 2011-05-19 21:46	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-22 23:40 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll

2011-08-22 23:40 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll

2011-08-22 23:40 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl

2011-08-22 11:58 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec

2011-08-17 13:49 . 2011-05-27 20:01	138496	----a-w-	c:\windows\system32\drivers\afd.sys

2011-07-26 21:08 . 2011-05-22 17:58	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Błąd usług kryptograficznych 

.

((((((((((((((((((((((((((((( SnapShot@2011-10-20_20.54.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-21 18:58 . 2011-10-21 18:58	262144 c:\windows\system32\config\systemprofile\NtUser.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]

"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-09 940944]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-09 3373968]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-09 20880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-01-19 1976944]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]

"Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-01-23 3302232]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Vithar\Menu Start\Programy\Autostart\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

VPro520.lnk - c:\windows\VPro520.exe [2011-5-19 73728]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

"e:\\eMule\\eMule.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Common\\Runes of Magic\\Client.exe"=

"g:\\Common\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"h:\\XP\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"h:\\XP\\Km TPR\\KM_TPR.exe"=

.

R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-19 717296]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 18984]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]

S3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2007-03-27 85504]

S3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2007-03-27 7680]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Zawartość folderu 'Zaplanowane zadania'

.

2011-10-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

.

2011-10-21 c:\windows\Tasks\User_Feed_Synchronization-{A1FDC5F8-98A1-4F54-94B2-70AD2216373D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Skan uzupełniający -------

.

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 178.214.159.138 178.214.157.10

FF - ProfilePath - c:\documents and settings\Vithar\Dane aplikacji\Mozilla\Firefox\Profiles\9q2p8n5m.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

SafeBoot-Wdf01000.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-21 21:07

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

.

skanowanie ukrytych procesów ...  

.

skanowanie ukrytych wpisów autostartu ... 

.

skanowanie ukrytych plików ...  

.

skanowanie pomyślnie ukończone

ukryte pliki: 0

.

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

.

- - - - - - - > 'winlogon.exe'(560)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(816)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

.

**************************************************************************

.

Czas ukończenia: 2011-10-21 21:08:19 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2011-10-21 19:08

ComboFix2.txt 2011-10-20 20:58

.

Przed: 6 409 854 976 bajtów wolnych

Po: 6 403 624 960 bajtów wolnych

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 0525E6FE44DFCCA6CE089C3C23A7AD1E


OTL logs

http://wklej.org/id/611833/

http://wklej.org/id/611835/
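The Drivers/Services lines of the two ComboFix logs above can be compared mechanically to see which protection services were stopped and what changed between the runs. This is an added example, not part of the original posts; it assumes the usual reading of the first column (R = running, S = stopped, digit = service Start type), and the function names are hypothetical.

```python
import re
from collections import namedtuple

Service = namedtuple("Service", "name display image running start")

# Windows service Start values as stored in the registry.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed input: a subset of the Drivers/Services lines copied from the
# 2011-10-20 and 2011-10-21 ComboFix logs posted in this thread.
RUN_1 = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-05-20 717296]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-05-19 18984]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-05-20 320856]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-05-20 127192]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-05-19 219360]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-05-19 30392]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-05-20 111320]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-05-19 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
"""
RUN_2 = r"""
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-19 717296]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 18984]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
"""

# Assumed line layout: <R|S><start digit> <name>;<display name>;<image path> [<date size>]
LINE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<rest>.+)$")


def parse_services(log_text):
    """Return {lower-cased service name: Service} for every status line found."""
    services = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, registry keys, "." separators, blanks
        parts = m.group("rest").split(";", 2)
        if len(parts) != 3:
            continue
        name, display, image = parts
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", image)  # drop "[date size]" or "[?]"
        services[name.lower()] = Service(
            name, display, image, m.group("state") == "R", int(m.group("start"))
        )
    return services


def stopped_autostart(services):
    """Names of services set to load at boot/system/auto start that are not running."""
    hits = [s.name for s in services.values() if s.start <= 2 and not s.running]
    return sorted(hits, key=str.lower)


def diff_runs(before, after):
    """Compare two parsed runs: entries that vanished, started, or stopped."""
    result = {"missing": [], "started": [], "stopped": []}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            result["missing"].append(old.name)
        elif new.running and not old.running:
            result["started"].append(new.name)
        elif old.running and not new.running:
            result["stopped"].append(new.name)
    return {k: sorted(v, key=str.lower) for k, v in result.items()}


if __name__ == "__main__":
    first, second = parse_services(RUN_1), parse_services(RUN_2)
    for label, run in (("2011-10-20", first), ("2011-10-21", second)):
        for name in stopped_autostart(run):
            svc = run[name.lower()]
            print(f"{label}: {name} is stopped but start type is {START_TYPES[svc.start]}")
    for change, names in diff_runs(first, second).items():
        print(f"{change}: {', '.join(names) or '-'}")
```
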


(Spandau) #12


(Danadol) #13

The cryptographic service is not present in the system at all.

And here is the SystemLook log

SystemLook 30.07.11 by jpshortstuff

Log created at 14:30 on 22/10/2011 by Vithar

Administrator - Elevation successful


========== filefind ==========


Searching for "afd.sys"

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys	--a--c- 138496 bytes	[15]	[13] 8D499B1276012EB907E7A9E0F4D8FDA4

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys	--a--c- 138496 bytes	[15]	[15] 38D7B715504DA4741DF35E3594FE2099

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys	--a---- 138496 bytes	[14]	[13] F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys	--a--c- 138368 bytes	[02]	[10] D99DDFFB33DEACDCF20717CB520379F6

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys	--a--c- 138496 bytes	[02]	[11] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys	--a--c- 138496 bytes	[02]	[11] D6EE6014241D034E63C49A50CB2B442A

C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys	--a--c- 138368 bytes	[19]	[09] 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys	--a--c- 138496 bytes	[19]	[10] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys	--a--c- 138496 bytes	[19]	[10] 4D43E74F2A1239D53929B82600F1971C

C:\WINDOWS\$NtServicePackUninstall$\afd.sys	-----c- 138368 bytes	[21]	[09] 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\$NtUninstallKB2503665$\afd.sys	-----c- 138496 bytes	[01]	[14] 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys	-----c- 138496 bytes	[23]	[10] 7E775010EF291DA96AD17CA4B17137D7

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys	-----c- 138496 bytes	[11]	[13] 355556D9E580915118CD7EF736653A89

C:\WINDOWS\$NtUninstallKB951748$\afd.sys	-----c- 138112 bytes	[21]	[19] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys	-----c- 138496 bytes	[19]	[12] 5AC495F4CB807B2B98AD2AD591E6D92E

C:\WINDOWS\$NtUninstallKB956803$\afd.sys	-----c- 138496 bytes	[21]	[11] E3049B90FE06F3F740B7CFDA44995E2C

C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys	-----c- 138368 bytes	[19]	[10] 944CA435BFCFC82CC1ED9E3A7D731AA9

C:\WINDOWS\ServicePackFiles\i386\afd.sys	-----c- 138112 bytes	[19]	[19] 322D0E36693D6E24A2398BEE62A268CD

C:\WINDOWS\SoftwareDistribution\Download\a070094fb7bf7541e07b0c6a3cf50a60\SP3GDR\afd.sys	--a---- 138496 bytes	[14]	[13] 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\SoftwareDistribution\Download\a070094fb7bf7541e07b0c6a3cf50a60\SP3QFE\afd.sys	--a---- 138496 bytes	[14]	[13] F6B7B1ECD7B41736BDB6FF4B092BCB79

C:\WINDOWS\system32\dllcache\afd.sys	-----c- 138496 bytes	[02]	[13] 1E44BC1E83D8FD2305F8D452DB109CF9

C:\WINDOWS\system32\drivers\afd.sys	--a---- 138496 bytes	[20]	[13] 1E44BC1E83D8FD2305F8D452DB109CF9


Searching for "tcpip.sys"

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys	--a--c- 361600 bytes	[11]	[11] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys	--a--c- 360960 bytes	[02]	[10] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys	--a--c- 361600 bytes	[02]	[11] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys	--a--c- 361600 bytes	[02]	[11] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys	-----c- 360320 bytes	[21]	[10] 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys	-----c- 361344 bytes	[21]	[19] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys	-----c- 359040 bytes	[19]	[12] 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\ERDNT\cache\tcpip.sys	--a---- 361600 bytes	[20]	[11] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\ServicePackFiles\i386\tcpip.sys	-----c- 361344 bytes	[19]	[19] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\system32\dllcache\tcpip.sys	-----c- 361600 bytes	[02]	[11] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\system32\drivers\tcpip.sys	--a---- 361600 bytes	[20]	[11] 9AEFA14BD6B182D61E3119FA5F436D3D


Searching for "ipsec.sys"

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys	-----c- 74752 bytes	[21]	[12] 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys	-----c- 75264 bytes	[19]	[19] 23C74D75E36E7158768DD63D92789A91


-= EOF =-

(Spandau) #14

Please copy the file ipsec.sys from C:\WINDOWS\ServicePackFiles\i386\ipsec.sys

to the following locations:

c:\windows\system32\drivers

c:\windows\system32\dllcache

Restart the computer and check whether the network works. If not, run OTL, click None, set the Extra Registry option to Use SafeList, click Run Scan, and post the Extras.txt report on the forum.
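The check behind this advice, as an added Python example that is not part of the original post: it parses SystemLook `filefind` output and reports which driver has no copy in `system32\drivers` and where backup copies exist. The sample lines are copied from the log above (whitespace normalized, most backup copies omitted); `parse_filefind` and `triage` are names chosen here.

```python
import re

# Lines copied from the SystemLook log posted above (whitespace normalized,
# most backup copies left out to keep the sample short).
SAMPLE_LOG = r"""
Searching for "tcpip.sys"
C:\WINDOWS\ServicePackFiles\i386\tcpip.sys -----c- 361344 bytes [19] [19] 93EA8D04EC73A85DB02EB8805988F733
C:\WINDOWS\system32\dllcache\tcpip.sys -----c- 361600 bytes [02] [11] 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [20] [11] 9AEFA14BD6B182D61E3119FA5F436D3D

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [21] [12] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys -----c- 75264 bytes [19] [19] 23C74D75E36E7158768DD63D92789A91
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
# <path> <7 attribute flags> <size> bytes [..] [..] <MD5>
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes'
    r'\s+\[\d+\]\s+\[\d+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)
# Directory the driver is loaded from at boot on this Windows XP install.
LIVE_DIR = r"c:\windows\system32\drivers"


def parse_filefind(text):
    """Return {file name: [ {path, size, md5}, ... ]} for each 'Searching for' block."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            results[current].append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
    return results


def triage(results):
    """Classify each searched driver by the state of its live copy.

    missing           - no copy in system32\\drivers; backup paths are listed
    present           - live copy exists and at least one other copy has the same MD5
    present-unmatched - live copy exists but no other copy shares its MD5
    A matching hash only shows the copies are identical, not that they are clean.
    """
    report = {}
    for name, entries in results.items():
        live_path = LIVE_DIR + "\\" + name
        live = [e for e in entries if e["path"].lower() == live_path]
        others = [e for e in entries if e["path"].lower() != live_path]
        if not live:
            report[name] = {
                "status": "missing",
                "candidates": [e["path"] for e in others],
            }
            continue
        twins = [e["path"] for e in others if e["md5"] == live[0]["md5"]]
        report[name] = {
            "status": "present" if twins else "present-unmatched",
            "same_hash_as": twins,
        }
    return report


if __name__ == "__main__":
    for name, info in triage(parse_filefind(SAMPLE_LOG)).items():
        print(name, info)
```
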


(Danadol) #15

The Internet still doesn't work. And the Dllcache folder doesn't exist at all.

Here is the log:

OTL Extras logfile created on: 2011-10-23 15:29:49 - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Vithar\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 80,16% Memory free

5,09 Gb Paging File | 4,56 Gb Available in Paging File | 89,55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,28 Gb Total Space | 6,00 Gb Free Space | 29,56% Space Free | Partition Type: NTFS

Drive D: | 29,40 Gb Total Space | 2,43 Gb Free Space | 8,28% Space Free | Partition Type: NTFS

Drive E: | 416,07 Gb Total Space | 297,33 Gb Free Space | 71,46% Space Free | Partition Type: NTFS

Drive G: | 74,53 Gb Total Space | 36,76 Gb Free Space | 49,33% Space Free | Partition Type: NTFS

Drive H: | 149,05 Gb Total Space | 44,94 Gb Free Space | 30,15% Space Free | Partition Type: NTFS


Computer Name: VITHAR-D0EF8549 | User Name: Vithar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


========== Extra Registry (SafeList) ==========



========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l


[HKEY_CURRENT_USER\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Shell Spawning ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


========== System Restore Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


========== Firewall Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)

"E:\eMule\eMule.exe" = E:\eMule\eMule.exe:*:Enabled:eMule Plus -- (http://emuleplus.info)

"G:\Common\Runes of Magic\Client.exe" = G:\Common\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)

"G:\Common\uTorrent\uTorrent.exe" = G:\Common\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite -- (Nokia)

"H:\XP\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = H:\XP\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

"H:\XP\Km TPR\KM_TPR.exe" = H:\XP\Km TPR\KM_TPR.exe:*:Enabled:KM_TPR -- ()



========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III

"{053BE69E-4EFE-3621-3613-30080CD26070}" = Catalyst Control Center Graphics Previews Common

"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 

"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite

"{0A795E81-7E99-4574-923D-8A0AF1F11CA1}" = ScanSoft PaperPort 11

"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge

"{0B63BF75-9F0A-4E93-A69D-BDCC6A26C4B1}" = Podstawowe programy Windows Live

"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{1AD48A61-45C4-4C71-8BA5-C4DD44B23116}" = Baldur's Gate

"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine

"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver

"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-385C

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3CB1D980-79F3-11D5-8CC5-00C0CA129740}" = Baldur's Gate II - Tron Bhaala

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0409.1

"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV

"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1c)

"{486CC64F-030A-4C9A-8716-87E26D28FKQ2}_is1" = King's Quest II: Romancing the Stones (3.1c)

"{486CC64F-030A-4C9A-8716-87E26D28FKQ3REDUX}_is1" = King's Quest III Redux: To Heir is Human (1.1)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{53B0213C-CC0C-4340-90BF-BFC7D3FE5BB4}" = QuickMark

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{590F4980-1C17-EF89-E0C8-1D5866385DD5}" = CCC Help English

"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility

"{5DF91B8B-8C3E-B5FB-F2FC-60562159E930}" = Catalyst Control Center InstallProxy

"{5ECA5B22-4073-8A6D-2E7E-8F4C39FC4309}" = Catalyst Control Center InstallProxy

"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = Wiedźmin Edycja Rozszerzona – „Efekt uboczny”

"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7234061E-3D70-2682-F47B-75A5D2F83685}" = Catalyst Control Center

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}" = Asystent rejestracji usługi Windows Live

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{89247EDA-8288-49CE-A0CA-5EBC17D71045}" = Nero 7 Premium

"{89E8C213-4818-43CD-884D-2EDA2C8076D6}" = Audials

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007

"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0017-0415-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Polish) 2007

"{90120000-0017-0415-0000-0000000FF1CE}_SharePointDesigner_{A740A405-DDE4-461F-AC66-6C79E81C87BE}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}_SharePointDesigner_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}_SharePointDesigner_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0415-0000-0000000FF1CE}_SharePointDesigner_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic

"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = Mythos

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater

"{AC76BA86-7AD7-1045-7B44-A70000000000}" = Adobe Reader 7.0 - Polish

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution

"{C3DE64C5-5621-4A75-B44D-FBDEF8DE0ADB}" = WARRIORS OROCHI

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D651CB41-D92C-4639-BC24-9A926FEA24D2}" = Gothic 3 - Zmierzch Bogów

"{D7739941-59D4-F971-A68B-0318CFBE02D6}" = ccc-utility

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0

"{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin

"{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}" = Wiedźmin Edycja Rozszerzona - "Cena neutralności"

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03

"2B0430566DEE7109F019A317398EA7F8DA53B293" = Pakiet sterowników systemu Windows - Philips (SPC520) Image (03/27/2007 1.00.2.6000)

"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.02

"CCleaner" = CCleaner (remove only)

"Diablo II" = Diablo II

"DivX Setup.divx.com" = DivX Setup

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7)

"Ekspert CD_is1" = Ekspert CD

"Enable S3 for USB Device" = Enable S3 for USB Device

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FormatFactory" = FormatFactory 2.20

"Gadu-Gadu 10" = Gadu-Gadu 10

"hedgewars" = Hedgewars

"HijackThis" = HijackThis 2.0.2

"IcoFX_is1" = IcoFX 1.5.01

"ie8" = Windows Internet Explorer 8

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.66

"Knights and Merchants TPR" = Knights and Merchants TPR

"LClock" = LClock

"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas

"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas

"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas

"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas

"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas

"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas

"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Suite" = Nokia PC Suite

"Parallel Worlds_is1" = Parallel Worlds 1.1

"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 13.0.0

"SharePointDesigner" = Microsoft Office SharePoint Designer 2007

"SubEdit-Player_is1" = SubEdit-Player

"UndeleteMyFiles_is1" = UndeleteMyFiles

"uTorrent" = µTorrent

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Podstawowe programy Windows Live

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

"Xfire" = Xfire (remove only)


========== HKEY_CURRENT_USER Uninstall List ==========


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"InstallShield_{C3DE64C5-5621-4A75-B44D-FBDEF8DE0ADB}" = WARRIORS OROCHI


========== Last 10 Event Log Errors ==========


[Application Events]

Error - 2011-10-18 14:40:21 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-19 11:14:07 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-20 16:09:51 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-20 16:37:16 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-20 16:46:09 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-20 16:56:42 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-21 15:02:27 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-21 15:09:18 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-22 08:28:06 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


Error - 2011-10-23 09:22:57 | Computer Name = VITHAR-D0EF8549 | Source = JavaQuickStarterService | ID = 1

Description = 


[OSession Events]

Error - 2011-06-07 16:11:34 | Computer Name = VITHAR-D0EF8549 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40

 seconds with 0 seconds of active time. This session ended with a crash.


[System Events]

Error - 2011-10-23 09:23:03 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7003

Description = Usługa Sterownik protokołu TCP/IP zależy od następującej nieistniejącej

 usługi: IPSec.


Error - 2011-10-23 09:23:03 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7001

Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zależy od usługi Sterownik

 protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1075


Error - 2011-10-23 09:23:04 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7003

Description = Usługa Sterownik protokołu TCP/IP zależy od następującej nieistniejącej

 usługi: IPSec.


Error - 2011-10-23 09:23:04 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7001

Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zależy od usługi Sterownik

 protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1075


Error - 2011-10-23 09:23:04 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7003

Description = Usługa Sterownik protokołu TCP/IP zależy od następującej nieistniejącej

 usługi: IPSec.


Error - 2011-10-23 09:23:04 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7001

Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zależy od usługi Sterownik

 protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1075


Error - 2011-10-23 09:23:52 | Computer Name = VITHAR-D0EF8549 | Source = Windows Update Agent | ID = 16

Description = Nie można nawiązać połączenia: System Windows nie może połączyć się

 z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować 

aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował

 próby ustanowienia połączenia.


Error - 2011-10-23 09:26:15 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7003

Description = Usługa Sterownik protokołu TCP/IP zależy od następującej nieistniejącej

 usługi: IPSec.


Error - 2011-10-23 09:26:15 | Computer Name = VITHAR-D0EF8549 | Source = Service Control Manager | ID = 7001

Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zależy od usługi Sterownik

 protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1075


Error - 2011-10-23 09:28:41 | Computer Name = VITHAR-D0EF8549 | Source = NetBT | ID = 4311

Description = Zainicjowanie nie powiodło się, ponieważ nie można utworzyć urządzenia

 sterownika.



< End of report >

That said, I am going to format this computer after all. That system simply runs as if it were crippled (and half of the system files are missing), and there is some cleaning up to do here as well.

Thank you all for your help. I hope this is not the last time I get it from you :)


(Spandau) #16

We restored the file, but the service does not start, which is not surprising, because the next step was going to be checking the registry entries. But since you have decided to format, OK.