emil_bart created 30 August 2010 Please check the log and advise what I should do to solve the problem: namely, I cannot open drive D and some folders by double-clicking. Link to the ComboFix log: [log]ComboFix 10-08-28.02 - AGA 2010-08-29 13:46:15.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.1.1250.48.1045.18.511.291 [GMT 2:00] Uruchomiony z: c:\documents and settings\AGA\Pulpit\ComboFix.exe UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Thumbs.db D:\Autorun.inf D:\Program Files.exe c:\windows\system32\qmgr.dll . . . jest zainfekowany!! . ((((((((((((((((((((((((( Pliki utworzone od 2010-07-28 do 2010-08-29 ))))))))))))))))))))))))))))))) . 2010-08-25 14:30 . 2010-08-25 14:30 66552 ----a-w- c:\documents and settings\Sara Diana Kamil\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-08-25 12:57 . 2010-08-25 12:57 -------- d-----w- c:\documents and settings\Sara Diana Kamil\Dane aplikacji\AdobeUM 2010-08-25 12:57 . 2010-08-25 12:57 -------- d-----w- c:\documents and settings\Sara Diana Kamil\Ustawienia lokalne\Dane aplikacji\Adobe 2010-08-24 16:01 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-08-24 16:01 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-08-24 16:00 . 2010-08-24 16:00 -------- d-----w- c:\program files\Microsoft.NET 2010-08-24 15:59 . 2010-08-26 11:00 -------- d-----w- c:\windows\SHELLNEW 2010-08-24 11:54 . 2010-08-24 11:54 -------- d-----w- c:\program files\Szkola podstawowa klasa 6 - Tajemnice przyrody 2010-08-14 14:21 . 2001-10-26 14:57 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-08-14 14:21 . 2001-10-26 14:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-08-14 14:21 . 
2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-08-14 14:21 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-29 11:23 . 2003-04-16 12:00 49492 ----a-w- c:\windows\system32\perfc015.dat 2010-08-29 11:23 . 2003-04-16 12:00 355486 ----a-w- c:\windows\system32\perfh015.dat 2010-08-26 10:59 . 2008-08-24 17:26 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-08-26 10:59 . 2010-06-06 10:20 -------- d-----w- c:\program files\LG PC Suite II 2010-08-24 18:57 . 2008-09-20 14:13 66552 ----a-w- c:\documents and settings\AGA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2004-03-11 12:27 . 2009-03-26 09:45 40960 -c--a-w- c:\program files\Uninstall_CDS.exe . ------- Sigcheck ------- [-] 2004-08-04 . 1905812AB06A70FF21907FAA10C927D6 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\wscntfy.exe [-] 2004-08-04 . E3C9EF5BCC9EB171BD81051CD19BDED7 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\xmlprov.dll [-] 2004-08-04 . D87BF452D4BE09490D98EFB05D00FD9D . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\d3d9.dll [-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\LastGood\system32\d3d9.dll [-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll c:\windows\System32\wscntfy.exe ... - brak elementu !! c:\windows\System32\xmlprov.dll ... - brak elementu !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704] "nwiz"="nwiz.exe" [2004-05-14 831488] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-05 155648] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600] "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152] "PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-16 13312] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Photo Express 
Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2010-3-14 55296] R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-07-16 75904] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-04 114768] S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-06-13 428160] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-01 717296] . Zawartość folderu 'Zaplanowane zadania' 2009-07-29 c:\windows\Tasks\NSSstub.job - c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-07-04 17:46] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.interia.pl/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm FF - ProfilePath - c:\documents and settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\ FF - plugin: c:\documents and settings\AGA\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-Królik Bystrzak dla Zerówki, Lot do Balonii - c:\program files\The Learning Company\Królik Bystrzak dla Zerówki ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-29 13:52 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS skanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(628) c:\windows\System32\ODBC32.dll - - - - - - - > 'lsass.exe'(684) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(3596) c:\windows\System32\ODBC32.dll c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Ahead\InCD\InCDsrv.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\SOUNDMAN.EXE c:\windows\System32\RUNDLL32.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\System32\nvsvc32.exe c:\windows\System32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\imapi.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe . ************************************************************************** . Czas ukończenia: 2010-08-29 13:53:09 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-08-29 11:53 Przed: 618 868 736 bajtów wolnych Po: 3 758 964 736 bajtów wolnych - - End Of File - - 05A262E8AFC96A42FE996D30A4578C43 [/log] log: OTL [log]OTL logfile created on: 2010-08-29 14:31:21 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\AGA\Pulpit Windows XP Home Edition Dodatek Service Pack. 
1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 31,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,55% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 53,42 Gb Free Space | 82,48% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AGA-NXCFZ9DJ1UP Current User Name: AGA Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe PRC - [2009-09-12 16:47:20 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-08-17 18:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-08-17 18:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-08-17 18:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-08-17 18:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-08-17 17:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program 
Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2008-12-18 17:11:01 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2008-07-27 11:41:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008-07-16 20:52:02 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2004-04-06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe PRC - [2004-04-06 19:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe PRC - [2004-01-08 20:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2003-12-08 18:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe PRC - [2003-04-16 14:00:00 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998-07-08 14:01:28 | 000,055,296 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe MOD - [2006-08-25 17:53:59 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll MOD - [2003-04-16 14:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc) SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\AGA\USTAWI~1\Temp\hpdj.exe -- (hpdj) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2009-08-17 18:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009-08-17 18:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009-08-17 18:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009-08-17 17:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004-04-06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2009-08-17 18:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009-08-17 18:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009-08-17 18:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009-08-17 18:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009-08-17 18:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-01-01 22:21:56 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-09-04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008-09-04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008-09-04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2006-12-01 08:23:58 | 000,392,122 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) DRV - [2006-04-25 04:57:42 | 000,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303) DRV - [2004-05-14 07:41:00 | 002,205,760 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004-04-06 20:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass) DRV - [2004-04-06 20:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs) DRV - [2004-01-09 17:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003-12-11 17:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003-12-05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003-07-01 22:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2003-06-12 12:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid) DRV - [2002-08-29 02:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002-08-29 02:32:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-07-16 20:52:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-25 13:15:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-24 18:01:07 | 000,000,000 | ---D | M] [2009-04-11 11:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Extensions [2010-08-24 12:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\extensions [2009-10-10 15:02:58 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009-04-11 11:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-26 11:08:21 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2007-03-31 19:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-08-29 13:50:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) 
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.65 80.51.99.1 212.244.85.253 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 () - http://deccoria.pl/files/21131/13664/11db591ba456c6f36979094f463f4a45.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-07-16 19:48:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-08-29 13:34:36 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-08-29 14:30:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe [2010-08-29 13:43:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-08-29 13:43:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-08-29 13:43:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-08-29 13:43:45 | 000,136,704 | ---- | C] (SteelWerX) -- 
C:\WINDOWS\SWSC.exe [2010-08-29 13:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-08-29 13:41:53 | 000,000,000 | ---D | C] -- C:\ComboFix [2010-08-29 13:41:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-08-29 13:34:36 | 000,000,000 | R--D | C] -- C:\autorun.inf [2010-08-24 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\Pulpit\Nowy folder [2010-08-24 18:01:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2010-08-24 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010-08-24 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010-08-24 17:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2010-08-24 13:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 6 - Tajemnice przyrody [2010-08-14 16:21:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010-08-14 16:21:26 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-08-29 14:30:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe [2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe [2010-08-29 13:52:21 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-29 13:52:21 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-29 13:52:21 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-29 13:52:21 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-29 13:52:20 | 000,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-29 13:51:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-08-29 13:51:07 | 000,000,632 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI 
[2010-08-29 13:50:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-08-29 13:50:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-29 13:50:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-29 13:50:06 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\AGA\NTUSER.DAT [2010-08-29 13:43:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-29 13:39:11 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\AGA\Pulpit\ComboFix.exe [2010-08-29 13:34:02 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Flash_Disinfector.exe [2010-08-29 13:24:28 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Połączenie szerokopasmowe.lnk [2010-08-29 12:41:12 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-08-28 14:13:21 | 005,613,568 | R--- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ESBK.mbb [2010-08-28 14:13:21 | 002,551,808 | R--- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ESBK.mb [2010-08-27 16:59:53 | 000,003,592 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\HH.SAV [2010-08-26 20:19:59 | 001,575,584 | -H-- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-08-25 16:30:01 | 000,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2010-08-25 09:58:14 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-24 20:57:44 | 000,066,552 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-24 20:47:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Skrót do Mój komputer.lnk [2010-08-24 18:08:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010-08-24 18:01:24 | 000,000,891 | ---- | M] () -- C:\WINDOWS\win.ini [2010-08-24 17:27:51 | 000,001,264 | ---- | M] () -- 
C:\Documents and Settings\AGA\Pulpit\Dokument mamy.rtf [2010-08-24 13:54:21 | 000,001,364 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Szkoła podstawowa klasa 6 – Tajemnice przyrody.lnk [2010-08-08 17:21:27 | 000,000,190 | -HS- | M] () -- C:\Documents and Settings\AGA\ntuser.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-29 14:31:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe [2010-08-29 13:43:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-08-29 13:43:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-08-29 13:43:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-08-29 13:43:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-08-29 13:43:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-08-29 13:38:50 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\AGA\Pulpit\ComboFix.exe [2010-08-29 13:34:03 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\Flash_Disinfector.exe [2010-08-29 13:24:28 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Połączenie szerokopasmowe.lnk [2010-08-24 20:47:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\Skrót do Mój komputer.lnk [2010-08-24 18:01:49 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-08-24 13:54:21 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Szkoła podstawowa klasa 6 – Tajemnice przyrody.lnk [2010-03-14 12:07:20 | 000,000,632 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2010-02-18 18:31:13 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\HH.SAV [2009-11-14 19:13:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009-06-13 19:14:03 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2009-06-13 18:53:26 | 000,006,016 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\ALLOW-IO.SYS [2009-03-29 16:25:00 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-03-26 11:45:27 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2008-11-08 16:16:28 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008-09-28 13:39:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2008-09-24 18:55:42 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache [2008-09-20 15:46:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2008-09-20 15:46:28 | 000,003,548 | ---- | C] () -- C:\WINDOWS\If42le.ini [2008-09-20 15:46:24 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2008-09-20 15:32:07 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pexplore.ini [2008-09-20 15:32:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI [2008-09-20 14:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI [2008-09-20 13:25:26 | 000,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008-09-20 13:22:45 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini [2008-09-20 13:22:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2008-09-11 10:44:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008-09-10 15:47:30 | 000,010,587 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2008-07-18 15:27:05 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-07-18 15:27:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-07-18 15:27:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-07-18 15:27:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-07-18 15:27:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-07-18 15:27:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-07-18 14:51:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008-07-16 23:21:01 | 000,139,264 | ---- | C] () -- 
C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-07-16 19:55:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2008-07-16 19:55:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2007-01-31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini [2003-04-16 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000-09-08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll < End of report > [/log] [log]OTL Extras logfile created on: 2010-08-29 14:31:21 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\AGA\Pulpit Windows XP Home Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 31,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,55% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 53,42 Gb Free Space | 82,48% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AGA-NXCFZ9DJ1UP Current User Name: AGA Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C811605-BAB2-4129-AB15-0A9956B2F0D2}" = PAC7312 "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows 
XP "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4ADCC9-8288-482D-A6B9-E36CD9084BAB}" = Agent Hugo - Misja Hawaje "{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II "{5265664F-6128-405C-9225-9782A85954FD}" = Plustek USB Scanner "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{633B1B7C-EF52-4DA0-9CFC-FB625DA7E554}" = Podróże Grovera "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare, program "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "1f500344b6310dc5e95edbafb4dc854e-691254322" = Encyklopedia małego człowieka "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer V3.3_is1" = ALLPlayer V3.X "AQOSDE/DE-German_is1" = Ancient Quest of Saqqarah "Ares" = Ares 2.0.1 "Atomowki - Wielka Potyczka z Ksiezniczka Chytruska" = Atomowki - 
Wielka Potyczka z Ksiezniczka Chytruska "avast!" = avast! Antivirus "BCJOAES/ES-Spanish_is1" = Brain College: Jewels of Atlantis "Enable S3 for USB Device" = Enable S3 for USB Device "hp print screen utility" = hp print screen utility "InCD!UninstallKey" = InCD "InstallShield_{0C811605-BAB2-4129-AB15-0A9956B2F0D2}" = PAC7312 "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full) "Logomocja-Imagine Demo_is1" = Logomocja-Imagine Demo wersja 2.1 "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nero - Burning Rom!UninstallKey" = Nero OEM "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "Q-Typing 1.3_is1" = Q-Typing 1.3 "RealPlayer 6.0" = RealPlayer "SLOJDE_is1" = StoneLoops of Jurassica "Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy "SubEdit-Player_is1" = SubEdit-Player "Syberia_is1" = Syberia "Szkoła podstawowa klasa 5 - Tajemnice przyrody" = Szkoła podstawowa klasa 5 - Tajemnice przyrody "Szkoła podstawowa klasa 6 – Tajemnice przyrody" = Szkoła podstawowa klasa 6 – Tajemnice przyrody "Tlen.pl" = Tlen.pl "Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar for Internet Explorer "Windows Media Format Runtime" = Windows Media Format Runtime [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Antivirus Events ] Error - 2010-03-13 06:56:50 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2009-06-14\104_1863.jpg failed, 0000001E. Error - 2010-03-13 07:00:43 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2009-06-14\104_1865.jpg failed, 0000001E. Error - 2010-03-13 07:00:48 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2009-06-14\104_1868.jpg failed, 0000001E. Error - 2010-03-13 07:11:29 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2009-06-14\104_1869.jpg failed, 0000A420. Error - 2010-03-13 07:15:03 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\2009-06-14\104_1871.jpg failed, 0000A420. Error - 2010-07-26 12:56:14 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\zima, radek z dziećmi\Thumbs.db failed, 0000001E. Error - 2010-07-26 12:59:37 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\zima, radek z dziećmi\104_0961.jpg failed, 0000001E. Error - 2010-07-26 13:00:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\majówka w lesie i długi pobyt kasi i radka z dziećmi\104_1454.jpg failed, 0000001E. Error - 2010-07-26 13:07:32 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Urodziny Kamila 8\104_1246.jpg failed, 0000001E. Error - 2010-08-25 11:35:02 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\Zdjęcia\aga\100_3790.jpg failed, 0000001E. 
[ Application Events ] Error - 2010-05-21 13:22:29 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd easyshare.exe, wersja 5.3.33.26, moduł powodujący błąd esskin.esx, wersja 5.3.33.26, adres błędu 0x000393f2. Error - 2010-05-22 10:46:40 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-05-24 09:50:48 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-05-25 13:18:45 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-05-31 06:38:46 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. 
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-05-31 09:28:07 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-05-31 11:51:54 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-06-02 04:19:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. Error - 2010-06-02 14:58:36 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. 
Error - 2010-06-03 09:44:14 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002 Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania. Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania tej procedury. [ System Events ] Error - 2010-08-29 07:43:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Error - 2010-08-29 07:44:51 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%2 Error - 2010-08-29 07:45:00 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7022 Description = Usługa Bonjour Service zawiesiła się podczas uruchamiania. Error - 2010-08-29 07:51:17 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2010-08-29 07:51:17 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. 
Error - 2010-08-29 07:51:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452689 Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji, wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751) Error - 2010-08-29 07:51:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701 Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Error - 2010-08-29 07:52:26 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%2 Error - 2010-08-29 07:52:26 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi wscsvc z powodu następującego błędu: %%1083 Error - 2010-08-29 07:52:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7022 Description = Usługa Bonjour Service zawiesiła się podczas uruchamiania. < End of report > [/log] log: GMER [log]GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-29 15:23:14 Windows 5.1.2600 Dodatek Service Pack. 1 Running: zd6tywrb.exe; Driver: C:\DOCUME~1\AGA\USTAWI~1\Temp\kxxcakog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF47BC6B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF47BC574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF47BCA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/ALWIL Software) ZwDuplicateObject [0xF47BC14C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF47BC64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF47BC08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF47BC0F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF47BC76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF47BC72E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF47BC8AE] ---- Kernel code sections - GMER 1.0.15 ---- ? Combo-Fix.sys Nie można odnaleźć określonego pliku. ! init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7D48510] ? C:\DOCUME~1\AGA\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. ! ? C:\ComboFix\catchme.sys Nie można odnaleźć określonego pliku. ! ? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00560002 IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00560000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x39 0xA0 0xF2 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x39 0xA0 0xF2 0x28 ...
---- EOF - GMER 1.0.15 ----
[/log] I also scanned the computer with USBFix; here is the USBFix log: [log]############################## | UsbFix 7.022 | [Research]
User: AGA (Administrator) # AGA-NXCFZ9DJ1UP
[ ] Updated 29/08/10 by El Desaparecido / C_XX
Started at 09:16:21 | 30/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: AMD Sempron(tm) 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack. 1
Internet Explorer 6.0.2800.1106
RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 10 Gb (4 Mb free - 37%) [] # NTFS
D:\ -> Fixed drive # 65 Gb (53 Mb free - 82%) [DANE] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [KINGSTON] # FAT32
################## | Files # Infected Folders |
Found ! D:\muza
################## | Registry |
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Vaccin |
C:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
################## | E.O.F |
[/log] Should I go further, that is, use the Deletion option?
- and in that case, won't the program damage the files in the D:\muza folder indicated in the log? PS: I'd appreciate quick help and patience, as I'm not very familiar with this subject. [color="#FF0000"] //Logs are pasted inside tags !!! //Next time please comply with this //Fixing it for now //Tom01[/color]
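The UsbFix findings in the post above (the NoDrives and DisableRegistryTools policy values, the flagged D:\muza folder and the autorun.inf vaccine folder) are easier to judge when each one is spelled out before any Deletion step is run. The following Python script is an added example for this thread, not UsbFix's own code: it parses a report in the shape of the one pasted above (the sample text is constructed, not copied from the report), lists what each finding means, and decodes a NoDrives bitmask. The report does not show the actual NoDrives value, so the mask used in the script is a constructed placeholder.

```python
"""Triage helper for a UsbFix-style report (added example, not UsbFix's own code).

It reads the pasted text only; it never touches the registry or the drives,
so it can be run on any machine to see what the "Deletion" step would act on.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the report pasted in the thread (not a copy of it).
SAMPLE_REPORT = """\
C:\\ (%systemdrive%) -> Fixed drive # 10 Gb (4 Mb free - 37%) [] # NTFS
D:\\ -> Fixed drive # 65 Gb (53 Mb free - 82%) [DANE] # NTFS
E:\\ -> CD-ROM
F:\\ -> Removable drive # 15 Gb (15 Mb free - 100%) [KINGSTON] # FAT32
################## | Files # Infected Folders |
Found ! D:\\muza
################## | Registry |
Found ! HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System|DisableRegistryTools
Found ! HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer|NoDrives
Found ! HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer|NoDrives
################## | Mountpoints2 |
################## | Vaccin |
C:\\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
"""

# Effect of the Explorer policy values UsbFix flags (standard Windows policy semantics).
POLICY_MEANING = {
    "NoDrives": "hides the drive letters selected by its bitmask in Explorer",
    "DisableRegistryTools": "blocks regedit, so the change cannot be inspected or undone by hand",
}

SECTION_RE = re.compile(r"^#+ \| (.+?) \|")
DRIVE_RE = re.compile(r"^([A-Z]):\\.*?-> ([^#]+?)(?: #|$)")
FOUND_RE = re.compile(r"^Found ! (.+)$")
VACCINE_RE = re.compile(r"^([A-Z]):\\autorun\.inf -> Folder created by")


@dataclass
class Triage:
    drives: dict = field(default_factory=dict)          # letter -> drive kind
    infected_folders: list = field(default_factory=list)
    registry: list = field(default_factory=list)        # (key, value name, meaning)
    vaccinated: list = field(default_factory=list)      # drives with an autorun.inf folder


def parse_report(text: str) -> Triage:
    """Walk the report section by section and collect the findings."""
    t = Triage()
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := VACCINE_RE.match(line):        # checked before DRIVE_RE: same "X:\ ... ->" shape
            t.vaccinated.append(m.group(1))
        elif m := DRIVE_RE.match(line):
            t.drives[m.group(1)] = m.group(2).strip()
        elif m := FOUND_RE.match(line):
            item = m.group(1)
            if section.startswith("Registry") and "|" in item:
                key, name = item.rsplit("|", 1)
                t.registry.append((key, name, POLICY_MEANING.get(name, "unknown policy value")))
            else:
                t.infected_folders.append(item)
    return t


def decode_no_drives(mask: int) -> list:
    """NoDrives is a 26-bit mask: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if (mask >> i) & 1]


def summarize(t: Triage) -> list:
    """One human-readable line per finding, for a sanity check before any deletion."""
    out = [f"{d}: {kind}" for d, kind in sorted(t.drives.items())]
    out += [f"flagged folder {p}: inspect its contents before letting the tool delete it"
            for p in t.infected_folders]
    out += [f"{key}|{name}: {meaning}" for key, name, meaning in t.registry]
    out += [f"{d}: autorun.inf is a folder (vaccinated), not an infected file" for d in t.vaccinated]
    return out


if __name__ == "__main__":
    triage = parse_report(SAMPLE_REPORT)
    for line in summarize(triage):
        print(line)
    # Constructed placeholder mask (the real value is not in the report): bit 3 = D:
    print("NoDrives mask 0x8 would hide:", decode_no_drives(0x8))
```

The point of the vaccine check is that an autorun.inf that is a folder (as Flash Disinfector creates) is a protective measure, not an infection, so it should not be counted among items to clean; a NoDrives policy value, by contrast, is worth examining whenever a drive letter stops appearing or opening.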
Tomek01 comment 30 August 2010 First of all, using ComboFix is against the forum rules, but above all you can do yourself harm. All the more so given: [b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! [/b] A basic mistake. Use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with your pendrive or other USB memory plugged in. If you don't know this file, don't remove it from the script; if you know it, remove it: C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe In OTL, in the Custom scans/fixes box, paste: [code]:Processes
Explorer.exe
:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
:Files
C:\autorun.inf
:Commands
[emptytemp]
[start explorer]
[Reboot][/code] Click Run Fix; the computer will restart.
emil_bart comment 30 August 2010 (Author) (edited) It's just that the file C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe is the GMER program, which I also used to scan the computer to detect the infection. So does that matter, and should I remove it and then proceed according to the instructions you gave?
Sohei comment 31 August 2010 Emil, I've corrected Tomek's script; you can paste it now.
emil_bart comment 31 August 2010 Author (edited) After pasting the script and restarting the system, OTL produced this log:
[log]
All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
========== FILES ==========
C:\autorun.inf folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: AGA
->Temp folder emptied: 1005068 bytes
->Temporary Internet Files folder emptied: 258937 bytes
->Java cache emptied: 9254525 bytes
->FireFox cache emptied: 104119729 bytes
->Flash cache emptied: 154798 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Sara Diana Kamil
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 38723417 bytes
->Flash cache emptied: 10080 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1281353 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 148,00 mb
OTL by OldTimer - Version 3.2.11.0 log created on 08312010_131646
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_554.dat not found!
Registry entries deleted on Reboot...
[/log]
After the next start of the computer, avast displays a message that a parasite was detected; I clicked not to take any action... because on an earlier such occasion, when I clicked delete or quarantine, the problem appeared of not being able to open drive D by double-clicking. So is everything / will everything be ok?
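When reading an OTL fix log like the one posted above, the useful checks are which registry entries and files were actually removed, which lines were no-ops ("not found" on a target the script had already deleted or moved, which happens when the same CLSID is listed under several hook points), whether an autorun.inf was moved, and whether the "Total Files Cleaned" figure agrees with the per-folder byte counts. The following parser is an added example, not part of the thread or of OTL itself; it runs on a constructed sample modelled on the log format shown above, and the names `parse_otl_log` and `summarize_otl` are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the OTL output format seen in the thread (not the full posted log).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
========== FILES ==========
C:\autorun.inf folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: AGA
->Temp folder emptied: 1005068 bytes
->Java cache emptied: 9254525 bytes
User: Default User
->Temp folder emptied: 0 bytes
%systemroot% .tmp files removed: 1281353 bytes
Windows Temp folder emptied: 131072 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11,00 mb
"""

# Order matters: registry lines are matched before the generic "moved" pattern.
ACTION_PATTERNS = [
    ("registry_deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("registry_not_found", re.compile(r"^Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("file_moved", re.compile(r"^(?P<target>.+?) (?:folder )?moved successfully\.$")),
    ("file_not_found", re.compile(r"^File (?P<target>.+) not found\.$")),
]
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+?) =+$")
BYTES_RE = re.compile(r":\s*(?P<n>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d,.]+) mb$")


def parse_otl_log(text):
    """Return (actions, bytes_reclaimed, reported_mb).

    actions is a list of (section, kind, target) tuples in log order.
    OTL prints the total with a comma decimal separator on Polish systems, so the
    comma is normalised before converting.
    """
    actions, reclaimed, reported_mb, section = [], 0, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = BYTES_RE.search(line)
        if m:
            reclaimed += int(m.group("n"))
            continue
        m = TOTAL_RE.match(line)
        if m:
            reported_mb = float(m.group("mb").replace(",", "."))
            continue
        for kind, pat in ACTION_PATTERNS:
            m = pat.match(line)
            if m:
                actions.append((section, kind, m.group("target")))
                break
    return actions, reclaimed, reported_mb


def summarize_otl(text):
    """Triage summary: action counts, redundant no-op lines, autorun removal, total check."""
    actions, reclaimed, reported_mb = parse_otl_log(text)
    counts = Counter(kind for _, kind, _ in actions)
    # A "not found" on a target already deleted/moved earlier in the same run is a
    # harmless duplicate in the fix script, not a failed removal.
    removed = {t for _, k, t in actions if k in ("registry_deleted", "file_moved")}
    redundant = sum(1 for _, k, t in actions if k.endswith("not_found") and t in removed)
    autorun_removed = any(k == "file_moved" and "autorun.inf" in t.lower() for _, k, t in actions)
    # OTL rounds the total to whole megabytes (1024*1024 bytes); compare on that basis.
    total_consistent = reported_mb is not None and round(reclaimed / (1024 * 1024)) == round(reported_mb)
    return {
        "counts": dict(counts),
        "redundant_not_found": redundant,
        "autorun_removed": autorun_removed,
        "bytes_reclaimed": reclaimed,
        "reported_mb": reported_mb,
        "total_consistent": total_consistent,
    }


if __name__ == "__main__":
    for key, value in summarize_otl(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Applied to the full log posted above, the same checks show every "not found" line targeting a CLSID key or the winamptb.dll file that an earlier line had already removed, and the per-folder byte counts summing to a figure that rounds to the reported 148 MB, which is what you want to see before concluding that the run completed cleanly.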
emil_bart comment 2 September 2010 Author (edited) Thank you for the help... I moved the worm to quarantine with avast and the problem is solved for the time being.
