FRST.txt

Jak usunąć wirusa Ukash (Weelsof) z Windows XP bez płyty instalacyjnej?

Dodaje w załączniku loga z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by SYSTEM on REATOGO on 25-10-2013 19:15:47
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:===== & gt; If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [C-Media Mixer] - Mixer.exe /startup
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-08-03] (ATI Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-04-28] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2009-01-09] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll ()
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-02-28] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-02-28] (Nero AG)

========================== Services (Whitelisted) =================

S3 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [389120 2004-08-03] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-08-03] ()
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-08-22] ()
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DANEAP~1\8alwz884.dss [131072 2013-10-22] ()
S2 BrowserProtect; C:\Documents and Settings\All Users\Dane aplikacji\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 JavaQuickStarterService; " C:\Program Files\Java\jre6\bin\jqs.exe " -service -config " C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "

==================== Drivers (Whitelisted) ====================

S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [280782 2001-10-30] (C-Media Inc)
S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2008-12-21] (DT Soft Ltd.)
S3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [41984 2003-04-23] (VIA Technologies, Inc. )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-09-27] (Malwarebytes Corporation)
S2 MSF32; E:\PROGRAMY\MySecretFolder\MSF32.SYS [32128 2006-04-21] (WinAbility® Software Corporation)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2010-03-01] (MCCI Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2002-09-28] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [642560 2008-12-21] (Duplex Secure Ltd.)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 19:15 - 2013-10-25 19:15 - 00000000 ____D C:\FRST
2013-10-25 17:11 - 2013-10-25 17:11 - 00061248 _____ C:\OTL.Txt
2013-10-25 17:11 - 2013-10-25 17:11 - 00000000 ___SD C:\Documents and Settings\Administrator\IETldCache
2013-10-24 15:21 - 2013-10-25 06:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-22 15:21 - 2013-10-22 15:21 - 00000719 _____ C:\Windows\DtcInstall.log
2013-10-22 14:57 - 2013-10-24 16:21 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-22 14:57 - 2008-12-06 11:32 - 00000000 ___HD C:\Documents and Settings\Administrator\Szablony
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 __RHD C:\Documents and Settings\Administrator\Dane aplikacji
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 ___RD C:\Documents and Settings\Administrator\Menu Start
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 ___HD C:\Documents and Settings\Administrator\Ustawienia lokalne
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 ____D C:\Documents and Settings\Administrator\Ulubione
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 ____D C:\Documents and Settings\Administrator\Pulpit
2013-10-22 14:57 - 2008-12-06 11:25 - 00000000 ____D C:\Documents and Settings\Administrator\Moje dokumenty
2013-10-18 11:59 - 2013-10-18 11:59 - 00001638 _____ C:\Windows\setupapi.log
2013-09-27 10:25 - 2013-09-27 10:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

==================== One Month Modified Files and Folders =======

2013-10-25 19:15 - 2013-10-25 19:15 - 00000000 ____D C:\FRST
2013-10-25 17:11 - 2013-10-25 17:11 - 00061248 _____ C:\OTL.Txt
2013-10-25 17:11 - 2013-10-25 17:11 - 00000000 ___SD C:\Documents and Settings\Administrator\IETldCache
2013-10-25 09:31 - 2012-10-07 03:59 - 00324312 _____ C:\Windows\WindowsUpdate.log
2013-10-25 09:31 - 2008-12-06 11:39 - 00032108 _____ C:\Windows\SchedLgU.Txt
2013-10-25 09:31 - 2008-12-06 11:28 - 00000216 _____ C:\Windows\wiadebug.log
2013-10-25 09:31 - 2008-12-06 11:28 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-25 06:33 - 2008-12-06 11:25 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2013-10-25 06:14 - 2013-10-24 15:21 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-24 16:21 - 2013-10-22 14:57 - 00000188 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-22 15:21 - 2013-10-22 15:21 - 00000719 _____ C:\Windows\DtcInstall.log
2013-10-22 03:58 - 2008-12-06 11:40 - 00000188 ___SH C:\Documents and Settings\Plonki\ntuser.ini
2013-10-21 15:39 - 2008-12-06 11:40 - 00000000 ____D C:\Documents and Settings\Plonki\Pulpit
2013-10-20 07:00 - 2002-09-28 18:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-18 11:59 - 2013-10-18 11:59 - 00001638 _____ C:\Windows\setupapi.log
2013-10-10 14:41 - 2012-10-07 03:18 - 00000000 ____D C:\Program Files\Opera
2013-10-05 13:37 - 2012-12-09 05:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-27 10:26 - 2013-09-27 10:25 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2002-09-28 18:00] - [2004-08-03 18:44] - 1033728 ____A (Microsoft Corporation) 379098a96e6c165b659de7e4328010ea

C:\Windows\System32\winlogon.exe
[2002-09-28 18:00] - [2004-08-03 18:44] - 0504832 ____A (Microsoft Corporation) 0344407089b08548d4feba62bb0f32d0

C:\Windows\System32\svchost.exe
[2002-09-28 18:00] - [2004-08-03 18:44] - 0014336 ____A (Microsoft Corporation) ba98327e90022dbd6ee76490e0622e2e

C:\Windows\System32\services.exe
[2002-09-28 18:00] - [2004-08-03 18:44] - 0108544 ____A (Microsoft Corporation) 3da8d964d2cc12ef8e8c342471a37917

C:\Windows\System32\User32.dll
[2002-09-28 18:00] - [2004-08-03 18:44] - 0578560 ____A (Microsoft Corporation) 0c81764f50f32d376e6e4b9e9f4b01a0

C:\Windows\System32\userinit.exe
[2002-09-28 18:00] - [2004-08-03 18:44] - 0025088 ____A (Microsoft Corporation) bd768099b4c44aa631728cb74eb54396

C:\Windows\System32\Drivers\volsnap.sys
[2002-09-28 18:00] - [2004-08-03 18:36] - 0052864 ____A (Microsoft Corporation) ecd173739b8ec10a814cc18653df5a36


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile = & gt; OK
HKLM\...\exefile\DefaultIcon: %1 = & gt; OK
HKLM\...\exefile\open\command: " %1 " %* = & gt; OK

==================== Restore Points (XP) =====================

RP: - & gt; 2013-10-13 04:08 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP837

RP: - & gt; 2013-09-16 12:57 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP836

RP: - & gt; 2013-09-15 07:50 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP835

RP: - & gt; 2013-09-12 14:25 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP834

RP: - & gt; 2013-09-10 13:20 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP833

RP: - & gt; 2013-09-09 13:02 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP832

RP: - & gt; 2013-09-07 13:30 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP831

RP: - & gt; 2013-09-05 13:15 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP830

RP: - & gt; 2013-08-31 08:10 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP829

RP: - & gt; 2013-08-29 13:13 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP828

RP: - & gt; 2013-08-26 14:44 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP827

RP: - & gt; 2013-08-25 14:30 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP826

RP: - & gt; 2013-08-22 13:48 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP825

RP: - & gt; 2013-08-20 14:36 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP824

RP: - & gt; 2013-08-19 14:21 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP823

RP: - & gt; 2013-08-18 14:06 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP822

RP: - & gt; 2013-08-17 12:14 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP821

RP: - & gt; 2013-08-17 12:11 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP820

RP: - & gt; 2013-08-17 12:11 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP819

RP: - & gt; 2013-08-17 12:09 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP818

RP: - & gt; 2013-08-15 14:56 - 028672 _restore{1BFFBBFB-CE9A-4956-944D-0BBF3C06A1EB}\RP817


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 511.48 MB
Available physical RAM: 314.12 MB
Total Pagefile: 459.22 MB
Available Pagefile: 332.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.17 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:14.65 GB) (Free:1.18 GB) NTFS == & gt; [Drive with boot components (Windows XP)]
Drive d: (GRY) (Fixed) (Total:29.28 GB) (Free:17.69 GB) FAT32
Drive e: (Dokumenty) (Fixed) (Total:32.38 GB) (Free:16.58 GB) NTFS
Drive g: () (Removable) (Total:0.46 GB) (Free:0.12 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 76 GB) (Disk ID: EAD4EAD4)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=62 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================