Please check the log and advise me what to do..

emil_bart

Please check the log and advise me what to do to solve the problem:
namely, I can't open drive D and some folders by double-clicking:

link to the ComboFix log:
[log]ComboFix 10-08-28.02 - AGA 2010-08-29 13:46:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.48.1045.18.511.291 [GMT 2:00]
Run from: c:\documents and settings\AGA\Pulpit\ComboFix.exe

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db
D:\Autorun.inf
D:\Program Files.exe

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-25 14:30 . 2010-08-25 14:30 66552 ----a-w- c:\documents and settings\Sara Diana Kamil\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-08-25 12:57 . 2010-08-25 12:57 -------- d-----w- c:\documents and settings\Sara Diana Kamil\Dane aplikacji\AdobeUM
2010-08-25 12:57 . 2010-08-25 12:57 -------- d-----w- c:\documents and settings\Sara Diana Kamil\Ustawienia lokalne\Dane aplikacji\Adobe
2010-08-24 16:01 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-08-24 16:01 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-08-24 16:00 . 2010-08-24 16:00 -------- d-----w- c:\program files\Microsoft.NET
2010-08-24 15:59 . 2010-08-26 11:00 -------- d-----w- c:\windows\SHELLNEW
2010-08-24 11:54 . 2010-08-24 11:54 -------- d-----w- c:\program files\Szkola podstawowa klasa 6 - Tajemnice przyrody
2010-08-14 14:21 . 2001-10-26 14:57 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-14 14:21 . 2001-10-26 14:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-14 14:21 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-14 14:21 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 11:23 . 2003-04-16 12:00 49492 ----a-w- c:\windows\system32\perfc015.dat
2010-08-29 11:23 . 2003-04-16 12:00 355486 ----a-w- c:\windows\system32\perfh015.dat
2010-08-26 10:59 . 2008-08-24 17:26 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-08-26 10:59 . 2010-06-06 10:20 -------- d-----w- c:\program files\LG PC Suite II
2010-08-24 18:57 . 2008-09-20 14:13 66552 ----a-w- c:\documents and settings\AGA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2004-03-11 12:27 . 2009-03-26 09:45 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2004-08-04 . 1905812AB06A70FF21907FAA10C927D6 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\wscntfy.exe

[-] 2004-08-04 . E3C9EF5BCC9EB171BD81051CD19BDED7 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\xmlprov.dll

[-] 2004-08-04 . D87BF452D4BE09490D98EFB05D00FD9D . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\d3d9.dll
[-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\LastGood\system32\d3d9.dll
[-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... - missing !!
c:\windows\System32\xmlprov.dll ... - missing !!
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-05-14 3784704]
"nwiz"="nwiz.exe" [2004-05-14 831488]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-05-14 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-05 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"PE2CKFNT SE"="c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-16 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Photo Express Calendar Checker SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2010-3-14 55296]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-07-16 75904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-04 114768]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-06-13 428160]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-01-01 717296]
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-07-04 17:46]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.interia.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\
FF - plugin: c:\documents and settings\AGA\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.
- - - - EMPTY ENTRIES REMOVED - - - -

AddRemove-Królik Bystrzak dla Zerówki, Lot do Balonii - c:\program files\The Learning Company\Królik Bystrzak dla Zerówki



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 13:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3596)
c:\windows\System32\ODBC32.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
.
------------------------ Other running processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\System32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\imapi.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
**************************************************************************
.
Completion time: 2010-08-29 13:53:09 - the computer was restarted
ComboFix-quarantined-files.txt 2010-08-29 11:53

Before: 618 868 736 bytes free
After: 3 758 964 736 bytes free

- - End Of File - - 05A262E8AFC96A42FE996D30A4578C43
[/log]

OTL log:
[log]OTL logfile created on: 2010-08-29 14:31:21 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\AGA\Pulpit
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 31,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,55% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 53,42 Gb Free Space | 82,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AGA-NXCFZ9DJ1UP
Current User Name: AGA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
PRC - [2009-09-12 16:47:20 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-17 18:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-08-17 18:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-08-17 18:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-08-17 18:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-08-17 17:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-12-18 17:11:01 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-07-27 11:41:27 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-07-16 20:52:02 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004-04-06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2004-04-06 19:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004-01-08 20:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003-12-08 18:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-04-16 14:00:00 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [1998-07-08 14:01:28 | 000,055,296 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe


========== Modules (SafeList) ==========

MOD - [2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
MOD - [2006-08-25 17:53:59 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
MOD - [2003-04-16 14:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\AGA\USTAWI~1\Temp\hpdj.exe -- (hpdj)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009-08-17 18:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-08-17 18:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-08-17 18:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-08-17 17:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-04-06 20:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009-08-17 18:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-08-17 18:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-08-17 18:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-08-17 18:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-08-17 18:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-01-01 22:21:56 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-09-04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-09-04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-09-04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006-12-01 08:23:58 | 000,392,122 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006-04-25 04:57:42 | 000,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2004-05-14 07:41:00 | 002,205,760 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004-04-06 20:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004-04-06 20:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2004-01-09 17:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003-12-11 17:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-12-05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003-07-01 22:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003-06-12 12:31:46 | 000,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2002-08-29 02:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002-08-29 02:32:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-07-16 20:52:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-25 13:15:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-24 18:01:07 | 000,000,000 | ---D | M]

[2009-04-11 11:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Extensions
[2010-08-24 12:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\extensions
[2009-10-10 15:02:58 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Firefox\Profiles\28qe4hjr.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009-04-11 11:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-26 11:08:21 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2007-03-31 19:11:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-08-29 13:50:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.65 80.51.99.1 212.244.85.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://deccoria.pl/files/21131/13664/11db591ba456c6f36979094f463f4a45.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-16 19:48:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-08-29 13:34:36 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-29 14:30:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
[2010-08-29 13:43:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-29 13:43:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-29 13:43:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-29 13:43:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-29 13:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-29 13:41:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-08-29 13:41:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-08-29 13:34:36 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010-08-24 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\Pulpit\Nowy folder
[2010-08-24 18:01:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010-08-24 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-08-24 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-08-24 17:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010-08-24 13:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Szkola podstawowa klasa 6 - Tajemnice przyrody
[2010-08-14 16:21:28 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010-08-14 16:21:26 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-29 14:30:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe
[2010-08-29 14:30:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
[2010-08-29 13:52:21 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-08-29 13:52:21 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-29 13:52:21 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-08-29 13:52:21 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-29 13:52:20 | 000,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-29 13:51:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-29 13:51:07 | 000,000,632 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010-08-29 13:50:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-08-29 13:50:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-29 13:50:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-29 13:50:06 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\AGA\NTUSER.DAT
[2010-08-29 13:43:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-29 13:39:11 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\AGA\Pulpit\ComboFix.exe
[2010-08-29 13:34:02 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Flash_Disinfector.exe
[2010-08-29 13:24:28 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Połączenie szerokopasmowe.lnk
[2010-08-29 12:41:12 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-28 14:13:21 | 005,613,568 | R--- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ESBK.mbb
[2010-08-28 14:13:21 | 002,551,808 | R--- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ESBK.mb
[2010-08-27 16:59:53 | 000,003,592 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\HH.SAV
[2010-08-26 20:19:59 | 001,575,584 | -H-- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-25 16:30:01 | 000,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-08-25 09:58:14 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-08-24 20:57:44 | 000,066,552 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-24 20:47:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Skrót do Mój komputer.lnk
[2010-08-24 18:08:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-08-24 18:01:24 | 000,000,891 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-08-24 17:27:51 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Dokument mamy.rtf
[2010-08-24 13:54:21 | 000,001,364 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Szkoła podstawowa klasa 6 – Tajemnice przyrody.lnk
[2010-08-08 17:21:27 | 000,000,190 | -HS- | M] () -- C:\Documents and Settings\AGA\ntuser.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-29 14:31:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe
[2010-08-29 13:43:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-29 13:43:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-29 13:43:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-29 13:43:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-29 13:43:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-29 13:38:50 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\AGA\Pulpit\ComboFix.exe
[2010-08-29 13:34:03 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\Flash_Disinfector.exe
[2010-08-29 13:24:28 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Połączenie szerokopasmowe.lnk
[2010-08-24 20:47:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\Skrót do Mój komputer.lnk
[2010-08-24 18:01:49 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-08-24 13:54:21 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Szkoła podstawowa klasa 6 – Tajemnice przyrody.lnk
[2010-03-14 12:07:20 | 000,000,632 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010-02-18 18:31:13 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\HH.SAV
[2009-11-14 19:13:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009-06-13 19:14:03 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009-06-13 18:53:26 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2009-03-29 16:25:00 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-26 11:45:27 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008-11-08 16:16:28 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-09-28 13:39:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008-09-24 18:55:42 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2008-09-20 15:46:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2008-09-20 15:46:28 | 000,003,548 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2008-09-20 15:46:24 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008-09-20 15:32:07 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2008-09-20 15:32:07 | 000,000,064 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2008-09-20 14:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2008-09-20 13:25:26 | 000,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008-09-20 13:22:45 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2008-09-20 13:22:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008-09-11 10:44:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-09-10 15:47:30 | 000,010,587 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2008-07-18 15:27:05 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-07-18 15:27:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-07-18 15:27:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-07-18 15:27:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-07-18 15:27:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-07-18 15:27:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-07-18 14:51:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-07-16 23:21:01 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-07-16 19:55:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008-07-16 19:55:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007-01-31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2003-04-16 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000-09-08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
< End of report >
[/log]

[log]OTL Extras logfile created on: 2010-08-29 14:31:21 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\AGA\Pulpit
Windows XP Home Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 156,00 Mb Available Physical Memory | 31,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,57 Gb Free Space | 36,55% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 53,42 Gb Free Space | 82,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AGA-NXCFZ9DJ1UP
Current User Name: AGA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C811605-BAB2-4129-AB15-0A9956B2F0D2}" = PAC7312
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4ADCC9-8288-482D-A6B9-E36CD9084BAB}" = Agent Hugo - Misja Hawaje
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{5265664F-6128-405C-9225-9782A85954FD}" = Plustek USB Scanner
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{633B1B7C-EF52-4DA0-9CFC-FB625DA7E554}" = Podróże Grovera
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare, program
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"1f500344b6310dc5e95edbafb4dc854e-691254322" = Encyklopedia małego człowieka
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer V3.3_is1" = ALLPlayer V3.X
"AQOSDE/DE-German_is1" = Ancient Quest of Saqqarah
"Ares" = Ares 2.0.1
"Atomowki - Wielka Potyczka z Ksiezniczka Chytruska" = Atomowki - Wielka Potyczka z Ksiezniczka Chytruska
"avast!" = avast! Antivirus
"BCJOAES/ES-Spanish_is1" = Brain College: Jewels of Atlantis
"Enable S3 for USB Device" = Enable S3 for USB Device
"hp print screen utility" = hp print screen utility
"InCD!UninstallKey" = InCD
"InstallShield_{0C811605-BAB2-4129-AB15-0A9956B2F0D2}" = PAC7312
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Logomocja-Imagine Demo_is1" = Logomocja-Imagine Demo wersja 2.1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Q-Typing 1.3_is1" = Q-Typing 1.3
"RealPlayer 6.0" = RealPlayer
"SLOJDE_is1" = StoneLoops of Jurassica
"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy
"SubEdit-Player_is1" = SubEdit-Player
"Syberia_is1" = Syberia
"Szkoła podstawowa klasa 5 - Tajemnice przyrody" = Szkoła podstawowa klasa 5 - Tajemnice przyrody
"Szkoła podstawowa klasa 6 – Tajemnice przyrody" = Szkoła podstawowa klasa 6 – Tajemnice przyrody
"Tlen.pl" = Tlen.pl
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Media Format Runtime" = Windows Media Format Runtime

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2010-03-13 06:56:50 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2009-06-14\104_1863.jpg failed, 0000001E.

Error - 2010-03-13 07:00:43 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2009-06-14\104_1865.jpg failed, 0000001E.

Error - 2010-03-13 07:00:48 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2009-06-14\104_1868.jpg failed, 0000001E.

Error - 2010-03-13 07:11:29 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2009-06-14\104_1869.jpg failed, 0000A420.

Error - 2010-03-13 07:15:03 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2009-06-14\104_1871.jpg failed, 0000A420.

Error - 2010-07-26 12:56:14 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\zima, radek z dziećmi\Thumbs.db failed, 0000001E.

Error - 2010-07-26 12:59:37 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\zima, radek z dziećmi\104_0961.jpg failed, 0000001E.

Error - 2010-07-26 13:00:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\majówka w lesie i długi pobyt kasi i radka z dziećmi\104_1454.jpg failed, 0000001E.


Error - 2010-07-26 13:07:32 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Urodziny Kamila 8\104_1246.jpg failed, 0000001E.

Error - 2010-08-25 11:35:02 | Computer Name = AGA-NXCFZ9DJ1UP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Zdjęcia\aga\100_3790.jpg failed, 0000001E.

[ Application Events ]
Error - 2010-05-21 13:22:29 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd easyshare.exe, wersja 5.3.33.26, moduł powodujący
błąd esskin.esx, wersja 5.3.33.26, adres błędu 0x000393f2.

Error - 2010-05-22 10:46:40 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-05-24 09:50:48 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-05-25 13:18:45 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-05-31 06:38:46 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-05-31 09:28:07 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-05-31 11:51:54 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-06-02 04:19:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-06-02 14:58:36 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

Error - 2010-06-03 09:44:14 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Perflib | ID = 2002
Description = Wykonywanie procedury otwarcia dla usługi „WmiApRpl” w bibliotece
DLL „C:\WINDOWS\System32\wbem\wmiaprpl.dll” trwało dłużej niż ustalony czas oczekiwania.
Może to być spowodowane problemem z tym rozszerzalnym licznikiem lub też usługa
albo system, z którego pobiera on dane, mógł być bardzo zajęty w momencie wywołania
tej procedury.

[ System Events ]
Error - 2010-08-29 07:43:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-29 07:44:51 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%2

Error - 2010-08-29 07:45:00 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7022
Description = Usługa Bonjour Service zawiesiła się podczas uruchamiania.

Error - 2010-08-29 07:51:17 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-29 07:51:17 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-29 07:51:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-29 07:51:21 | Computer Name = AGA-NXCFZ9DJ1UP | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-29 07:52:26 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%2

Error - 2010-08-29 07:52:26 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi wscsvc z powodu następującego błędu: %%1083

Error - 2010-08-29 07:52:42 | Computer Name = AGA-NXCFZ9DJ1UP | Source = Service Control Manager | ID = 7022
Description = Usługa Bonjour Service zawiesiła się podczas uruchamiania.


< End of report >
[/log]


GMER log:
[log]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 15:23:14
Windows 5.1.2600 Dodatek Service Pack. 1
Running: zd6tywrb.exe; Driver: C:\DOCUME~1\AGA\USTAWI~1\Temp\kxxcakog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF47BC6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF47BC574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF47BCA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF47BC14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF47BC64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF47BC08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF47BC0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF47BC76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF47BC72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF47BC8AE]

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Nie można odnaleźć określonego pliku. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7D48510]
? C:\DOCUME~1\AGA\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. !
? C:\ComboFix\catchme.sys Nie można odnaleźć określonego pliku. !
? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00560002
IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00560000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x39 0xA0 0xF2 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x39 0xA0 0xF2 0x28 ...

---- EOF - GMER 1.0.15 ----
[/log]

I also scanned the computer with USBFix.

Here is the USBFix log:
[log]############################## | UsbFix 7.022 | [Research]

User: AGA (Administrator) # AGA-NXCFZ9DJ1UP [ ]
Updated 29/08/10 by El Desaparecido / C_XX
Started at 09:16:21 | 30/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack. 1
Internet Explorer 6.0.2800.1106

RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 10 Gb (4 Mb free - 37%) [] # NTFS
D:\ -> Fixed drive # 65 Gb (53 Mb free - 82%) [DANE] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [KINGSTON] # FAT32

################## | Files # Infected Folders |

Found ! D:\muza

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

C:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

################## | E.O.F |
[/log]

Should I go ahead, i.e. use the Deletion option? Won't the program in that case damage the files in the D:\muza folder indicated in the log?

PS: Please help quickly and be understanding, as I don't know much about this subject.
[color="#FF0000"]
//Logs go inside tags !!!
//Next time please comply with this
//Fixing it for now
//Tom01[/color]

Tomek01
comment

First of all, using ComboFix is against the forum rules, but above all you can do yourself damage with it. All the more so given: [b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! [/b] A basic mistake.


Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the pendrive or any other USB storage plugged in.


If you don't recognise this file, don't remove it from the script; if you do recognise it, remove it: C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe


In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

:Files
C:\autorun.inf

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart.
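As an added post-cleanup check (it is not from this thread and not part of OTL, UsbFix or Flash Disinfector), the PowerShell script below re-reads the two policy values UsbFix flagged (NoDrives, DisableRegistryTools) and looks for autorun.inf in the root of every fixed or removable drive, which is where the infected D:\autorun.inf sat. It assumes PowerShell 2.0 or later on the machine being checked; the NoDrives bitmask decoding follows the documented Explorer policy layout (bit 0 = A:, bit 1 = B:, and so on).

```powershell
# Added verification script, not from the thread or from the tools it discusses.
# Checks the findings from the UsbFix log and the targets of the OTL fix:
#   - Explorer "NoDrives" policy (HKLM and HKCU): hides drive letters by bitmask
#   - "DisableRegistryTools" policy under ...\Policies\System
#   - autorun.inf in the root of each fixed/removable drive
# Assumes PowerShell 2.0 or later.

$policyChecks = @(
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDrives' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDrives' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
)

function ConvertFrom-NoDrivesMask {
    # NoDrives is a 26-bit mask: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:.
    # For example 8 (bit 3) hides only D:, the drive the original poster cannot open.
    param([int]$Mask)
    $hidden = @()
    $bit = 1
    for ($i = 0; $i -lt 26; $i++) {
        if ($Mask -band $bit) { $hidden += ([string][char](65 + $i)) + ':' }
        $bit = $bit * 2
    }
    return $hidden
}

foreach ($check in $policyChecks) {
    # A missing key or value raises an error; SilentlyContinue turns that into $null.
    $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        Write-Output ("OK     {0}\{1} not present" -f $check.Path, $check.Name)
        continue
    }
    $value = $item.($check.Name)
    if ($check.Name -eq 'NoDrives' -and $value -ne 0) {
        $letters = (ConvertFrom-NoDrivesMask -Mask $value) -join ', '
        Write-Output ("FOUND  {0}\NoDrives = {1} (hides {2})" -f $check.Path, $value, $letters)
    } elseif ($value -ne 0) {
        Write-Output ("FOUND  {0}\{1} = {2}" -f $check.Path, $check.Name, $value)
    } else {
        Write-Output ("OK     {0}\{1} = 0" -f $check.Path, $check.Name)
    }
}

# autorun.inf in a drive root: a file is the classic infection carrier, while a
# read-only folder of that name (as created by Flash Disinfector) is the "vaccine".
# DriveType 3 = fixed disk, 2 = removable (USB stick).
Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 3 -or $_.DriveType -eq 2 } | ForEach-Object {
    $path = Join-Path $_.DeviceID 'autorun.inf'
    if (Test-Path -LiteralPath $path) {
        # -Force is needed because the entry is usually hidden/system.
        $isDir = (Get-Item -LiteralPath $path -Force).PSIsContainer
        $kind = if ($isDir) { 'folder (vaccine)' } else { 'FILE - inspect before removing' }
        Write-Output ("{0} {1}" -f $path, $kind)
    } else {
        Write-Output ("{0} absent" -f $path)
    }
}
```

A remaining NoDrives value with D: in the decoded list explains the "cannot open drive D" symptom even after the malware files themselves are gone.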

emil_bart
comment (edited)

It's just that the file
C:\Documents and Settings\AGA\Pulpit\zd6tywrb.exe
is the GMER program, which I also used to scan the computer to detect the infection.
So does that matter, and should I remove it and proceed further according to the instructions you gave?

Sohei
comment

Emil, I've corrected Tomek's script; you can paste it now.

emil_bart
comment (edited)

After pasting the script and restarting the system, OTL produced this log:

[log]All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
========== FILES ==========
C:\autorun.inf folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: AGA
->Temp folder emptied: 1005068 bytes
->Temporary Internet Files folder emptied: 258937 bytes
->Java cache emptied: 9254525 bytes
->FireFox cache emptied: 104119729 bytes
->Flash cache emptied: 154798 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Sara Diana Kamil
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 38723417 bytes
->Flash cache emptied: 10080 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1281353 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131072 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08312010_131646

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_554.dat not found!

Registry entries deleted on Reboot...
[/log]


After the next boot, avast displays a message that a parasite was detected; I clicked for it to take no action... because the previous time this happened, when I clicked delete or quarantine, the problem appeared of not being able to open drive D by double-clicking.

So is everything OK, or will it be?

Tomek01
comment

Post fresh OTL and RSIT logs as well.

emil_bart
comment (edited)

Thank you for the help... I moved the worm to quarantine with avast and the problem is resolved for now.
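As an added example that is not part of this thread, nor code from OTL, ComboFix or avast: the script below shows the mechanism behind the symptom discussed here. A worm drops an autorun.inf at the root of a drive whose [autorun] keys (open, shellexecute, shell\open\command and friends) make Explorer launch the payload when the drive is double-clicked; once the antivirus quarantines the payload but leaves autorun.inf behind, the drive still does not open because Explorer keeps trying to run a file that no longer exists. The parser is tolerant of the junk lines worms add, extracts the referenced program even from an unquoted name with spaces such as Program Files.exe, reports whether that file is still present, and emits a fix script in the :Files / :Commands form used earlier in the thread. The autorun.inf text and the directory listings are constructed for the example; only the file name Program Files.exe is taken from the ComboFix log.

```python
"""Audit an autorun.inf for entries that hijack a drive's double-click action.

Added example, not code from the thread. Sample data below is constructed.
"""
import ntpath
import os
import re
from dataclasses import dataclass

# [autorun] keys that make Explorer run a program when the drive is opened.
LAUNCH_KEYS = (
    "open",
    "shellexecute",
    "shell\\open\\command",
    "shell\\explore\\command",
    "shell\\autoplay\\command",
)

# Quoted program, or an unquoted name up to the first executable extension
# that is followed by whitespace or end of line ("Program Files.exe" is one
# name, not two tokens).
EXEC_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js)))(?:\s|$)', re.I
)


@dataclass
class Finding:
    key: str          # the [autorun] key that launches something
    command: str      # its raw value
    executable: str   # program the value points at
    present: bool     # does that program still exist at the drive root?


def parse_autorun(text: str) -> dict:
    """Tolerant parse of the [autorun] section.

    Worm-written files often contain junk lines; anything that is not
    key=value inside [autorun] is skipped instead of rejected.
    """
    entries, section = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def executable_of(command: str) -> str:
    """Program named by a command line value (see EXEC_RE)."""
    cmd = command.strip()
    m = EXEC_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0] if cmd else ""


def audit(text: str, present_files) -> list:
    """present_files: names found at the drive root (case-insensitive)."""
    lookup = {name.lower() for name in present_files}
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS:
            exe = executable_of(value)
            findings.append(Finding(key, value, exe, exe.lower().lstrip(".\\") in lookup))
    return findings


def audit_drive(root: str) -> list:
    """Same check against a real drive root on Windows, e.g. audit_drive('D:\\\\')."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.exists(path):
        return []
    with open(path, "r", errors="replace") as fh:
        return audit(fh.read(), os.listdir(root))


def otl_fix_script(root: str, findings) -> str:
    """Fix script in the :Files / :Commands form used in the thread.

    autorun.inf is always listed; a payload is listed only if still present.
    """
    files = {ntpath.join(root, "autorun.inf")}
    files.update(ntpath.join(root, f.executable) for f in findings if f.present)
    lines = [":Files", *sorted(files), "", ":Commands",
             "[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


# Constructed sample resembling a worm's autorun.inf (not the real file).
SAMPLE_INF = """[AutoRun]
;filler the worm adds so the file looks harmless
open=Program Files.exe
shell\\open\\Command=Program Files.exe
shell\\explore\\Command="Program Files.exe" /explore
action=Open folder to view files
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    live = audit(SAMPLE_INF, ["Program Files.exe", "Autorun.inf", "photos"])
    orphaned = audit(SAMPLE_INF, ["Autorun.inf", "photos"])  # after AV quarantined the payload
    for f in live + orphaned:
        state = "payload present" if f.present else "orphaned: drive still hijacked"
        print(f"{f.key:22} -> {f.executable!r}: {state}")
    print(otl_fix_script("D:\\", live))
```

The orphaned case is exactly the state this thread ended up in: the antivirus removed the executable, autorun.inf stayed, and double-clicking D: kept failing until the remaining file was deleted. One further check worth doing on a machine like this one (Windows XP): Explorer also caches the drive's autorun handler under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, so a drive can keep misbehaving even after the autorun.inf is gone until that cached entry is cleared or the user profile is refreshed.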
