Deace, posted 28 January 2010 (edited)

Hello. For a long time I have had an adware virus and I cannot get rid of it. I have already tried several antivirus programs, but nothing detects it. So I am turning to you with a request to check the log and help me deal with this problem. Thank you in advance.

Edit: I am also attaching a screenshot from Local Port Scanner, which detected something. I just have no idea how to fix it.

[log]OTL logfile created on: 2010-01-28 12:29:36 - Run 2 OTL by OldTimer - Version 3.1.19.0 Folder = E:\(@_@) Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 544,00 Mb Available Physical Memory | 53,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,52 Gb Total Space | 5,20 Gb Free Space | 26,64% Space Free | Partition Type: FAT32 Drive D: | 29,28 Gb Total Space | 8,66 Gb Free Space | 29,59% Space Free | Partition Type: FAT32 Drive E: | 25,68 Gb Total Space | 1,31 Gb Free Space | 5,09% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PIOTREK Current User Name: Piotrek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-01-17 17:50:56 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-12-23 17:28:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\(@_@)\OTL.exe PRC - [2009-08-06 19:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009-07-21 13:34:34 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-06-11 20:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-05-13 15:48:24 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-03-02 12:08:48 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009-02-09 12:10:46 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-10-31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) 
-- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe PRC - [2004-08-04 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 12:00:00 | 00,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 12:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 12:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-04 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 12:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2002-04-17 10:49:16 | 00,077,824 | ---- | M] () -- 
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe PRC - [2001-04-05 00:30:00 | 00,290,816 | ---- | M] (JPSoft DK) -- C:\Program Files\LPS\LPS.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2009-12-23 17:28:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\(@_@)\OTL.exe MOD - [2009-12-22 06:43:06 | 00,664,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2009-12-22 06:43:06 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2009-12-22 06:43:04 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll MOD - [2009-12-08 10:13:28 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-09-04 22:47:54 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2009-07-17 20:57:56 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2009-06-25 10:48:08 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 17:18:20 | 00,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:21:24 | 01,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:22:08 | 00,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 12:22:06 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-10-23 15:01:38 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-10-15 19:00:48 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008-07-03 15:16:28 | 08,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-06-20 19:42:20 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2006-05-03 22:53:54 | 
00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll MOD - [2004-08-04 14:00:00 | 00,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 14:00:00 | 00,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll MOD - [2004-08-04 14:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 12:00:00 | 01,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 12:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 12:00:00 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 12:00:00 | 00,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 12:00:00 | 00,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2004-08-04 12:00:00 | 00,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll MOD - [2004-08-04 12:00:00 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 12:00:00 | 00,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 12:00:00 | 00,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll MOD - [2004-08-04 12:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 12:00:00 | 00,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 12:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 12:00:00 | 00,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll MOD - [2004-08-04 12:00:00 | 00,172,544 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-04 12:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 12:00:00 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2004-08-04 12:00:00 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2004-08-04 12:00:00 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2004-08-04 12:00:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-04 12:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mydocs.dll MOD - [2004-08-04 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 12:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2004-08-04 12:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2004-08-04 12:00:00 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 12:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2004-08-04 12:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 12:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2004-08-04 12:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (QuestService Service) SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - [2009-07-21 13:34:34 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-06-12 
01:47:00 | 02,837,916 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-06-11 20:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-05-13 15:48:24 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2008-10-31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4) SRV - [2008-10-31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-01-01 13:54:46 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-09-10 22:31:24 | 00,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-06-21 11:54:54 | 00,082,380 | ---- | M] (Oak Technology Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2009-05-11 09:12:26 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-03-30 09:33:08 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 11:35:06 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-10-31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-06-21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips) DRV - [2008-06-21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL) DRV - [2007-07-03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007-07-03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007-07-03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2006-09-20 15:01:12 | 04,019,072 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-08-04 12:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sterownik filtru USB Sony (SONYPVU1) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360 FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17 FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.2.0.2050 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0 FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.2.0.2150 FF - 
HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009-12-22 16:56:14 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009-12-22 16:56:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009-12-22 16:56:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-05 21:40:56 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-05 21:40:56 | 00,000,000 | ---D | M] [2009-06-05 21:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Extensions [2009-06-05 21:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions [2010-01-19 23:32:32 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2009-11-27 16:53:16 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009-06-05 21:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-22 17:34:40 | 00,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19} [2008-11-11 09:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009-05-19 17:23:38 | 00,120,296 | ---- | M] ( ) -- C:\Program 
Files\Mozilla Firefox\plugins\npganymedenet.dll [2009-12-22 17:34:42 | 00,002,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice111.xml [2010-01-17 17:50:58 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-17 17:50:58 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-17 17:50:58 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-17 17:50:58 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-17 17:50:58 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-17 17:50:58 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9 88.156.96.61 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-05 21:26:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-06-05 21:04:36 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-01-28 12:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\LPS [2010-01-19 23:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Pulpit\Pobieranie [2010-01-11 23:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Pulpit\słowniki [2010-01-07 17:52:56 | 00,000,000 | RH-D | C] 
-- C:\Documents and Settings\Piotrek\Recent [2010-01-04 17:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2010-01-04 17:40:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-01-04 17:37:07 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Piotrek\Pulpit\ccsetup227.exe [2010-01-03 21:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help [2010-01-03 21:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Help [2009-12-30 23:14:26 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009-12-30 23:14:26 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-12-30 23:14:26 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009-12-30 23:14:26 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009-12-30 23:14:25 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009-12-30 23:14:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira [2009-12-30 23:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2009-12-24 16:47:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ [2009-12-24 16:47:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ [2009-12-24 16:45:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2009-12-23 17:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-12-23 16:43:41 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys [2009-12-23 16:43:41 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) 
-- C:\WINDOWS\System32\drivers\SbFwIm.sys [2009-12-23 16:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software [2009-12-23 15:32:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-12-22 16:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService [2009-12-22 16:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService [2009-12-22 16:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Textual Content Provider [2009-12-22 16:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider [2009-12-22 16:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard [2009-12-22 16:56:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Internet Today [2009-12-22 16:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today [2009-12-22 16:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer [2009-12-22 16:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer [2009-12-22 16:56:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer [2009-12-22 16:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer [2009-12-22 16:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator [2009-12-22 16:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Web Search Operator [2009-12-22 16:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Gameztar Toolbar [2009-12-22 16:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar [2009-12-11 15:27:24 | 00,000,000 | -HSD | C] -- C:\FOUND.008 [2009-06-05 21:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia 
lokalne\Dane aplikacji\Microsoft [2009-06-05 21:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-06-05 21:11:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-06-05 21:11:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-01-28 11:42:02 | 00,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-01-28 11:41:54 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-28 11:20:04 | 01,421,014 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\BC1.bmp [2010-01-28 10:14:46 | 00,229,835 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-01-28 10:14:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-01-28 10:14:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-01-27 23:08:52 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\Piotrek\ntuser.dat [2010-01-27 23:08:52 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Piotrek\ntuser.ini [2010-01-27 23:08:46 | 03,743,020 | -H-- | M] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-01-19 23:32:32 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-01-19 19:04:32 | 00,765,134 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-01-19 19:04:32 | 00,358,702 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-01-19 19:04:32 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-01-19 19:04:32 | 00,050,748 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-01-19 19:04:32 | 00,040,836 | ---- | M] () -- 
C:\WINDOWS\System32\perfc009.dat [2010-01-19 14:37:02 | 02,409,579 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\tegan and sarah - walking with a ghost.mp3 [2010-01-13 17:16:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-01-13 10:55:58 | 04,100,672 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\red hot chili peppers - otherside.mp3 [2010-01-13 10:51:42 | 02,886,502 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\metro station - shake it.mp3 [2010-01-13 10:46:12 | 04,430,025 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\sigur ros - hoppipollaG.mp3 [2010-01-11 23:09:52 | 00,533,290 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\s__ownik_angielsko_polski_www.przeklej.pl(2).jar [2010-01-11 19:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2010-01-04 17:40:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\CCleaner.lnk [2010-01-04 17:39:48 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\bez tytułu.bmp [2010-01-04 17:37:36 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Piotrek\Pulpit\ccsetup227.exe [2010-01-04 15:26:56 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-01-02 15:23:24 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\Pozytywizm prawniczy a koncepcje praw natury.doc [2010-01-01 13:54:46 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-12-30 23:14:38 | 00,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-12-30 23:04:38 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-12-23 17:37:04 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\HijackThis.lnk [2009-12-23 15:33:02 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini [2009-12-23 15:33:02 | 00,000,227 | ---- | M] () -- 
C:\WINDOWS\system.ini [2009-12-23 15:33:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-01-28 11:20:02 | 01,421,014 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\BC1.bmp [2010-01-19 23:32:30 | 00,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk [2010-01-13 17:16:30 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-01-11 23:09:49 | 00,533,290 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\s__ownik_angielsko_polski_www.przeklej.pl(2).jar [2010-01-11 17:33:21 | 02,886,502 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\metro station - shake it.mp3 [2010-01-11 17:32:05 | 02,409,579 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\tegan and sarah - walking with a ghost.mp3 [2010-01-11 17:30:04 | 04,100,672 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\red hot chili peppers - otherside.mp3 [2010-01-11 17:26:06 | 04,430,025 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\sigur ros - hoppipollaG.mp3 [2010-01-04 17:40:24 | 00,001,452 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\CCleaner.lnk [2010-01-04 17:39:46 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\bez tytułu.bmp [2010-01-02 13:29:00 | 00,088,064 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\Pozytywizm prawniczy a koncepcje praw natury.doc [2009-12-30 23:14:36 | 00,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-12-23 17:37:03 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\HijackThis.lnk [2009-07-18 16:50:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2009-07-18 16:49:06 | 00,005,632 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\StarOpen.sys [2009-06-22 20:53:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-06-06 17:28:23 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009-06-06 17:20:22 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2009-06-06 17:20:15 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-06-06 11:27:26 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009-06-06 10:40:32 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-06-05 22:01:26 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-02 18:11:16 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-07-10 18:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2004-08-04 12:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2009-07-12 10:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive [2009-12-22 16:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService [2009-06-05 21:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\BESTplayer [2009-06-06 11:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu [2009-06-06 20:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\OpenFM [2009-06-21 11:54:38 | 00,000,000 | 
---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Folder przesyłania Share-to-Web [2009-06-24 14:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\fizzy [2009-07-08 17:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\GanymedeNet [2009-07-12 10:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Sports Interactive [2009-07-18 16:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Samsung [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2004-08-04 12:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-04 12:00:00 | 00,250,624 | RHS- | M] () -- C:\ntldr [2004-08-04 12:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-12-23 15:33:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2009-06-05 21:26:12 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-06-05 21:26:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-06-05 21:26:12 | 00,000,000 | RHS- | M] () -- C:\IO.SYS [2009-06-05 21:26:12 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-01-28 10:14:38 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys [2009-10-17 19:41:34 | 00,000,074 | ---- | M] () -- C:\CMLoader.log < End of report >[/log] [URL=http://img402.imageshack.us/i/trj.png/][IMG=http://img402.imageshack.us/img402/9333/trj.th.png][/IMG][/URL]
Mateusz J. commented 29 January 2010 Run OTL and paste the following into the Custom Scans/Fixes window:[code]
:OTL
SRV - File not found [Disabled | Stopped] -- -- (QuestService Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009-12-22 16:56:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009-12-22 16:56:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009-12-22 16:56:32 | 00,000,000 | ---D | M]
:Files
C:\Program Files\Web Search Operator
C:\Program Files\Automated Content Enhancer
C:\Program Files\Customized Platform Advancer
C:\Program Files\QuestService
C:\Documents and Settings\All Users\Dane aplikacji\QuestService
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
C:\Program Files\Textual Content Provider
C:\Program Files\Content Management Wizard
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Internet Today
C:\Program Files\Internet Today
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
C:\Program Files\Customized Platform Advancer
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
C:\Program Files\Automated Content Enhancer
C:\Program Files\Web Search Operator
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Web Search Operator
C:\Program Files\Gameztar Toolbar
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar
c:\FOUND.008
:Reg
:Commands
[emptytemp]
[Reboot]
[/code]Click Run Fix. Confirm the computer restart. After the computer has restarted, create a new log and post it for review.
Deace (Author) commented 29 January 2010 I did as you wrote, but unfortunately when I click "Run Fix" the computer freezes after a moment. That is, all the icons and the taskbar disappear, and only the wallpaper is visible with OTL, which sits idle and does not respond to anything. The only way out is to restart the computer. The ads still pop up, so that is a sign nothing was fixed. Oh, and I am not sure, but perhaps the cause is that I posted a log here from OTL version 3.1.19.0 but tried the fix in 3.1.27.0. The older version simply vanished somewhere (I could not find it on the net either) and I had to download the newer one.
Mateusz J. commented 29 January 2010 In that case we will need a different tool. ComboFix: http://www.forumpc.pl/index.php?showtopic=120614 Post the log on the forum as before.
Deace (Author) commented 30 January 2010 (edited) I did exactly as it said, but even that did not work :/ The ads still pop up... Below is the log from ComboFix. I am no expert, but I will take the liberty of bolding a few entries that look wrong to me. Some of the ads are about games, so... [log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 12:24:58.1.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.747 [GMT 1:00] Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ieuinit.inf c:\windows\unins000.dat c:\windows\unins000.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 ))))))))))))))))))))))))))))))) . 2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll 2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll 2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll 2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll 2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll 2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv 2010-01-29 22:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-01-29 22:07 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll 2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-01-29 22:07 . 
2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll 2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL 2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS 2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner 2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat 2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat 2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-12-23 16:37 . 2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro 2009-12-23 15:43 . 2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software [b]2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\QuestService[/b] [b]2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QuestService[/b] 2009-12-22 15:57 . 
2009-12-22 15:57 -------- d-----w- c:\program files\Textual Content Provider 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Content Management Wizard 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Internet Today 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Customized Platform Advancer 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Automated Content Enhancer 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Web Search Operator [b]2009-12-22 15:55 . 2009-12-22 15:55 -------- d-----w- c:\program files\Gameztar Toolbar[/b] 2009-12-22 05:43 . 2004-08-04 11:00 664576 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-11 19:51 
148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Counter\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17629:TCP"= 17629:TCP:BitComet 17629 TCP "17629:UDP"= 17629:UDP:BitComet 17629 UDP R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888] R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-30 108289] R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576] S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] [b]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?][/b] . . ------- Skan uzupełniający ------- . 
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - component: c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll FF - component: c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll FF - component: c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-!ewido - c:\program files\ewido anti-spyware 4.0\ewido.exe MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe AddRemove-Niezbędnik CD_is1 - c:\windows\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-30 12:30 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... 
skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [b][HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service"[/b] . Czas ukończenia: 2010-01-30 12:32:52 ComboFix-quarantined-files.txt 2010-01-30 11:32 Przed: 5 463 343 104 bajtów wolnych Po: 5 599 608 832 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 5224CA16D4A14E0EFBC1E1965272AE86[/log]
Mateusz J. commented 30 January 2010 Most of the folders you marked are adware. Paste into Notepad: [code]
File::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Textual Content Provider
c:\program files\Content Management Wizard
c:\program files\Internet Today
c:\program files\Customized Platform Advancer
c:\program files\Automated Content Enhancer
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar
[/code][b]>>File>>Save as... >>> [color="red"]CFScript[/color][/b] Drag and drop the file [color="red"][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b] [b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img] Copying should begin (and a log will be created, which you will post on the forum).
Deace (Author) commented 30 January 2010 Still no change. When I "dropped" that text file onto ComboFix, it "sucked it in" and almost exactly the same thing happened as the first time. I do not know whether that was the idea. Oh, and I do not see any image ;P [log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 15:59:31.2.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.502 [GMT 1:00] Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Piotrek\Pulpit\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0} FILE :: "c:\documents and settings\All Users\Dane aplikacji\QuestService" "c:\program files\Automated Content Enhancer" "c:\program files\Content Management Wizard" "c:\program files\Customized Platform Advancer" "c:\program files\Gameztar Toolbar" "c:\program files\Internet Today" "c:\program files\QuestService" "c:\program files\Textual Content Provider" "c:\program files\Web Search Operator" . ((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 ))))))))))))))))))))))))))))))) . 2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll 2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll 2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll 2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll 2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll 2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv 2010-01-29 22:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-01-29 22:07 . 
2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll 2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-01-29 22:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll 2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL 2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS 2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner 2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat 2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat 2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-12-23 16:37 . 2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro 2009-12-23 15:43 . 
2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software 2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\QuestService 2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QuestService 2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\Textual Content Provider 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Content Management Wizard 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Internet Today 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Customized Platform Advancer 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Automated Content Enhancer 2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Web Search Operator 2009-12-22 15:55 . 2009-12-22 15:55 -------- d-----w- c:\program files\Gameztar Toolbar 2009-12-22 05:43 . 2004-08-04 11:00 664576 ------w- c:\windows\system32\wininet.dll 2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-30_11.30.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-30 11:36 . 2010-01-30 11:36 16384 c:\windows\Temp\Perflib_Perfdata_578.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-11 19:51 
148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Counter\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17629:TCP"= 17629:TCP:BitComet 17629 TCP "17629:UDP"= 17629:UDP:BitComet 17629 UDP R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888] R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-30 108289] R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] . . ------- Skan uzupełniający ------- . 
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - component: c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll FF - component: c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll FF - component: c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-30 16:05 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(208) c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll . Czas ukończenia: 2010-01-30 16:07:48 ComboFix-quarantined-files.txt 2010-01-30 15:07 ComboFix2.txt 2010-01-30 11:32 Przed: 5 587 746 816 bajtów wolnych Po: 5 557 714 944 bajtów wolnych - - End Of File - - 967B9DB98955A55800577D5F0D006A86[/log]
Guest commented 30 January 2010 Wrong command in the script. Paste this into Notepad: [quote]
Folder::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Textual Content Provider
c:\program files\Content Management Wizard
c:\program files\Internet Today
c:\program files\Customized Platform Advancer
c:\program files\Automated Content Enhancer
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar
File::
c:\windows\system32\GameMon.des
Driver::
npggsvc
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
[/quote] The rest stays the same.
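Added example (not written by any poster in this thread and not part of ComboFix): the two scripts above differ in whether folders sit under `File::` or `Folder::`, and that can be checked against the ComboFix file listing before a script is run. It assumes that a leading `d` in the listing's attribute column marks a directory; the function names are hypothetical and the inputs are shortened excerpts of the log and scripts posted here.

```python
import re

# One ComboFix listing line: created . modified, size (or dashes), attribute flags, path.
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")

# Shortened excerpt of the listing posted in this thread.
LISTING_EXCERPT = r"""
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\QuestService
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QuestService
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Web Search Operator
2009-12-22 15:55 . 2009-12-22 15:55 -------- d-----w- c:\program files\Gameztar Toolbar
2009-12-22 05:43 . 2004-08-04 11:00 664576 ----a-w- c:\windows\system32\wininet.dll
"""

# Shortened form of the first script: folders listed under File::.
FIRST_SCRIPT = r"""
File::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar
"""

# Shortened form of the corrected script.
CORRECTED_SCRIPT = r"""
Folder::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar
File::
c:\windows\system32\GameMon.des
Driver::
npggsvc
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"""


def norm(path):
    """Windows paths compare case-insensitively; drop quotes and a trailing backslash."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_listing(log_text):
    """Map each listed path to 'folder' or 'file' (assumption: leading 'd' = directory)."""
    kinds = {}
    for line in log_text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            kinds[norm(m["path"])] = "folder" if m["attrs"].startswith("d") else "file"
    return kinds


def parse_cfscript(script_text):
    """Split a CFScript into {section name (lowercase): [entries]}."""
    sections, current = {}, None
    for line in script_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def lint_cfscript(script_text, log_text):
    """Return (section, entry, status) for every File::/Folder:: entry.

    status is 'ok', 'mismatch' (the listing shows the other kind of object)
    or 'unverified' (the path does not appear in the listing).
    """
    kinds = parse_listing(log_text)
    sections = parse_cfscript(script_text)
    results = []
    for section in ("file", "folder"):
        for entry in sections.get(section, []):
            actual = kinds.get(norm(entry))
            if actual is None:
                status = "unverified"
            else:
                status = "ok" if actual == section else "mismatch"
            results.append((section, entry, status))
    return results


if __name__ == "__main__":
    for name, script in (("first", FIRST_SCRIPT), ("corrected", CORRECTED_SCRIPT)):
        for section, entry, status in lint_cfscript(script, LISTING_EXCERPT):
            print(f"{name:9} {section:6} {status:10} {entry}")
```

An `unverified` result only means the path is absent from the pasted listing, as with `GameMon.des` here, which appears in the log only as a service `ImagePath`.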
Deace (Author) commented 30 January 2010 (edited) I think it worked. Many thanks. Just in case, I am posting one more log for checking. Oh, the only thing left is what LPS shows me. I gave the link in the first post ( [IMG=http://img402.imageshack.us/img402/9333/trj.th.png][/IMG] ) and unfortunately it is still current. It keeps pointing to a trojan. I do not really notice any problems, so maybe it is just a sham, but I would still feel calmer if someone could check it or give some pointers. [log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 18:59:18.3.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.733 [GMT 1:00] Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Piotrek\Pulpit\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0} FILE :: "c:\windows\system32\GameMon.des" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\All Users\Dane aplikacji\QuestService c:\program files\Automated Content Enhancer c:\program files\Automated Content Enhancer\4.2.0.5360\ACECommon.dll c:\program files\Automated Content Enhancer\4.2.0.5360\Data\config.md c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome.manifest c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\ACEAddOn.jar c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.js c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.xul c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.xpt c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFHelperComponent.js c:\program files\Automated Content Enhancer\4.2.0.5360\FF\install.rdf c:\program files\Automated Content Enhancer\4.2.0.5360\lri.dll c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.dat c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.exe c:\program files\Content Management Wizard c:\program files\Content Management Wizard\1.2.0.2080\cmwsh.dll c:\program files\Content Management Wizard\1.2.0.2080\config.mx c:\program files\Content Management Wizard\1.2.0.2080\data.mx c:\program files\Content Management Wizard\1.2.0.2080\exclude.mx c:\program files\Content Management Wizard\1.2.0.2080\LRI.dll c:\program files\Content Management Wizard\1.2.0.2080\MatchingData.zd5 c:\program files\Content Management Wizard\1.2.0.2080\pxtmpdata.mx c:\program files\Content Management Wizard\1.2.0.2080\unins000.dat c:\program files\Content Management Wizard\1.2.0.2080\unins000.exe c:\program files\Customized Platform Advancer c:\program files\Customized Platform Advancer\4.2.0.2050\CPACommon.dll c:\program files\Customized Platform Advancer\4.2.0.2050\Data\config.md c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome.manifest 
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.js c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.xul c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\CPAAddOn.jar c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.xpt c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFHelperComponent.js c:\program files\Customized Platform Advancer\4.2.0.2050\FF\install.rdf c:\program files\Customized Platform Advancer\4.2.0.2050\lri.dll c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.dat c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.exe c:\program files\Gameztar Toolbar c:\program files\Internet Today c:\program files\Internet Today\1.2.0.1420\InternetToday.ico c:\program files\Internet Today\1.2.0.1420\InternetToday.skf c:\program files\Internet Today\1.2.0.1420\mfc80.dll c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.CRT.manifest c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.MFC.manifest c:\program files\Internet Today\1.2.0.1420\msvcr80.dll c:\program files\Internet Today\1.2.0.1420\SkinCrafterDll.dll c:\program files\Internet Today\1.2.0.1420\unins000.dat c:\program files\Internet Today\1.2.0.1420\unins000.exe c:\program files\QuestService c:\program files\QuestService\questservice.exe c:\program files\QuestService\uninstall.exe c:\program files\Textual Content Provider c:\program files\Textual Content Provider\1.2.0.1960\data\pxtmpdata.mx c:\program files\Textual Content Provider\1.2.0.1960\data\TP_Config.mx c:\program files\Textual Content Provider\1.2.0.1960\data\TP_Data.mx c:\program files\Textual Content Provider\1.2.0.1960\data\TP_DomainExcludeList.mx c:\program files\Textual Content Provider\1.2.0.1960\data\TP_DomainInterval.mx c:\program files\Textual Content 
Provider\1.2.0.1960\data\TP_KeywordInterval.mx c:\program files\Textual Content Provider\1.2.0.1960\LRI.dll c:\program files\Textual Content Provider\1.2.0.1960\unins000.dat c:\program files\Textual Content Provider\1.2.0.1960\unins000.exe c:\program files\Web Search Operator c:\program files\Web Search Operator\4.2.0.2150\Data\config.md c:\program files\Web Search Operator\4.2.0.2150\FF\chrome.manifest c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.js c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.xul c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\WSOAddOn.jar c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.xpt c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFHelperComponent.js c:\program files\Web Search Operator\4.2.0.2150\FF\install.rdf c:\program files\Web Search Operator\4.2.0.2150\lri.dll c:\program files\Web Search Operator\4.2.0.2150\unins000.dat c:\program files\Web Search Operator\4.2.0.2150\unins000.exe c:\program files\Web Search Operator\4.2.0.2150\WSOCommon.dll c:\windows\system32\GameMon.des . ((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 ))))))))))))))))))))))))))))))) . 2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll 2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll 2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll 2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll 2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll 2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll 2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv 2010-01-29 22:07 . 
2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-01-29 22:07 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll 2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-01-29 22:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll 2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL 2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS 2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll 2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner 2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat 2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat 2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira 2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira 2009-12-23 16:37 . 
2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro 2009-12-23 15:43 . 2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software 2009-12-22 05:43 . 2004-08-04 11:00 664576 ------w- c:\windows\system32\wininet.dll 2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-30_11.30.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-30 16:59 . 2010-01-30 16:59 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NvMediaCenter] 2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-11 19:51 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Counter\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17629:TCP"= 17629:TCP:BitComet 17629 TCP "17629:UDP"= 17629:UDP:BitComet 17629 UDP R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888] R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe 
[2009-12-30 108289] R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576] S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] . . ------- Skan uzupełniający ------- . IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-QuestService - c:\program files\QuestService\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-30 19:06 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2010-01-30 19:08:37 ComboFix-quarantined-files.txt 2010-01-30 18:08 ComboFix2.txt 2010-01-30 15:07 ComboFix3.txt 2010-01-30 11:32 Przed: 5 582 209 024 bajtów wolnych Po: 5 539 119 104 bajtów wolnych - - End Of File - - A18215F405A2EB32242D2889A838EABF[/log]