
Adware

Deace
Posted (edited)

Hello. For a long time I have had an adware virus and I cannot get rid of it. I have already tried several antivirus programs, but none of them detects it. So I am turning to you with a request to check the log and help me deal with this problem. Thank you in advance.

Edit: I am also posting a screenshot from Local Port Scanner, which detected something. I just have no idea how to fix it.

[log]OTL logfile created on: 2010-01-28 12:29:36 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = E:\(@_@)
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 544,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,52 Gb Total Space | 5,20 Gb Free Space | 26,64% Space Free | Partition Type: FAT32
Drive D: | 29,28 Gb Total Space | 8,66 Gb Free Space | 29,59% Space Free | Partition Type: FAT32
Drive E: | 25,68 Gb Total Space | 1,31 Gb Free Space | 5,09% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIOTREK
Current User Name: Piotrek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-17 17:50:56 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-23 17:28:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\(@_@)\OTL.exe
PRC - [2009-08-06 19:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-07-21 13:34:34 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-06-11 20:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-05-13 15:48:24 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-03-02 12:08:48 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 12:10:46 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2004-08-04 12:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 12:00:00 | 00,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004-08-04 12:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2004-08-04 12:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004-08-04 12:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2004-08-04 12:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 12:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-04 12:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004-08-04 12:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2002-04-17 10:49:16 | 00,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001-04-05 00:30:00 | 00,290,816 | ---- | M] (JPSoft DK) -- C:\Program Files\LPS\LPS.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2009-12-23 17:28:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\(@_@)\OTL.exe
MOD - [2009-12-22 06:43:06 | 00,664,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-12-22 06:43:06 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-12-22 06:43:04 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll
MOD - [2009-12-08 10:13:28 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-09-04 22:47:54 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009-07-17 20:57:56 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2009-06-25 10:48:08 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 17:18:20 | 00,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:21:24 | 01,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:22:08 | 00,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:22:06 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 15:01:38 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-10-15 19:00:48 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008-07-03 15:16:28 | 08,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-06-20 19:42:20 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2006-05-03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004-08-04 14:00:00 | 00,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2004-08-04 14:00:00 | 00,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2004-08-04 14:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004-08-04 12:00:00 | 01,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2004-08-04 12:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 12:00:00 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004-08-04 12:00:00 | 00,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2004-08-04 12:00:00 | 00,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2004-08-04 12:00:00 | 00,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2004-08-04 12:00:00 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2004-08-04 12:00:00 | 00,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2004-08-04 12:00:00 | 00,520,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll
MOD - [2004-08-04 12:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004-08-04 12:00:00 | 00,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004-08-04 12:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004-08-04 12:00:00 | 00,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll
MOD - [2004-08-04 12:00:00 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2004-08-04 12:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004-08-04 12:00:00 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2004-08-04 12:00:00 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2004-08-04 12:00:00 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2004-08-04 12:00:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2004-08-04 12:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mydocs.dll
MOD - [2004-08-04 12:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004-08-04 12:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2004-08-04 12:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2004-08-04 12:00:00 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2004-08-04 12:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2004-08-04 12:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004-08-04 12:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2004-08-04 12:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- -- (QuestService Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2009-07-21 13:34:34 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-12 01:47:00 | 02,837,916 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009-06-11 20:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-05-13 15:48:24 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2008-10-31 07:24:28 | 01,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008-10-31 07:24:28 | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-01-01 13:54:46 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-09-10 22:31:24 | 00,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-06-21 11:54:54 | 00,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009-05-11 09:12:26 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-03-30 09:33:08 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:06 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-10-31 07:09:06 | 00,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-06-21 04:54:54 | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008-06-21 04:54:54 | 00,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2007-07-03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006-09-20 15:01:12 | 04,019,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-04 12:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sterownik filtru USB Sony (SONYPVU1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.17
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.2.0.2050
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.2.0.2150

FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009-12-22 16:56:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009-12-22 16:56:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009-12-22 16:56:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-05 21:40:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-05 21:40:56 | 00,000,000 | ---D | M]

[2009-06-05 21:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Extensions
[2009-06-05 21:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions
[2010-01-19 23:32:32 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009-11-27 16:53:16 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-06-05 21:40:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-22 17:34:40 | 00,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2008-11-11 09:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009-05-19 17:23:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-12-22 17:34:42 | 00,002,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice111.xml
[2010-01-17 17:50:58 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-17 17:50:58 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-17 17:50:58 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-17 17:50:58 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-17 17:50:58 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-17 17:50:58 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9 88.156.96.61
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-05 21:26:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-06-05 21:04:36 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-01-28 12:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\LPS
[2010-01-19 23:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Pulpit\Pobieranie
[2010-01-11 23:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Pulpit\słowniki
[2010-01-07 17:52:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Piotrek\Recent
[2010-01-04 17:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe
[2010-01-04 17:40:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-01-04 17:37:07 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Piotrek\Pulpit\ccsetup227.exe
[2010-01-03 21:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help
[2010-01-03 21:44:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Help
[2009-12-30 23:14:26 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-12-30 23:14:26 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-12-30 23:14:26 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-12-30 23:14:26 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-12-30 23:14:25 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-12-30 23:14:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-12-30 23:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2009-12-24 16:47:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009-12-24 16:47:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009-12-24 16:45:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009-12-23 17:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-12-23 16:43:41 | 00,270,888 | R--- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2009-12-23 16:43:41 | 00,065,576 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2009-12-23 16:43:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009-12-23 15:32:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-12-22 16:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService
[2009-12-22 16:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService
[2009-12-22 16:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
[2009-12-22 16:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider
[2009-12-22 16:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard
[2009-12-22 16:56:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Internet Today
[2009-12-22 16:56:44 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today
[2009-12-22 16:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
[2009-12-22 16:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer
[2009-12-22 16:56:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
[2009-12-22 16:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer
[2009-12-22 16:56:13 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator
[2009-12-22 16:56:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Web Search Operator
[2009-12-22 16:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Gameztar Toolbar
[2009-12-22 16:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar
[2009-12-11 15:27:24 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009-06-05 21:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-05 21:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-05 21:11:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-05 21:11:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-01-28 11:42:02 | 00,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-01-28 11:41:54 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-28 11:20:04 | 01,421,014 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\BC1.bmp
[2010-01-28 10:14:46 | 00,229,835 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-01-28 10:14:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-28 10:14:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-27 23:08:52 | 04,194,304 | ---- | M] () -- C:\Documents and Settings\Piotrek\ntuser.dat
[2010-01-27 23:08:52 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Piotrek\ntuser.ini
[2010-01-27 23:08:46 | 03,743,020 | -H-- | M] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-19 23:32:32 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk
[2010-01-19 19:04:32 | 00,765,134 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-01-19 19:04:32 | 00,358,702 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-01-19 19:04:32 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-19 19:04:32 | 00,050,748 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-01-19 19:04:32 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-19 14:37:02 | 02,409,579 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\tegan and sarah - walking with a ghost.mp3
[2010-01-13 17:16:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-13 10:55:58 | 04,100,672 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\red hot chili peppers - otherside.mp3
[2010-01-13 10:51:42 | 02,886,502 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\metro station - shake it.mp3
[2010-01-13 10:46:12 | 04,430,025 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\sigur ros - hoppipollaG.mp3
[2010-01-11 23:09:52 | 00,533,290 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\s__ownik_angielsko_polski_www.przeklej.pl(2).jar
[2010-01-11 19:56:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2010-01-04 17:40:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\CCleaner.lnk
[2010-01-04 17:39:48 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\bez tytułu.bmp
[2010-01-04 17:37:36 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Piotrek\Pulpit\ccsetup227.exe
[2010-01-04 15:26:56 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-02 15:23:24 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\Pozytywizm prawniczy a koncepcje praw natury.doc
[2010-01-01 13:54:46 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-12-30 23:14:38 | 00,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-12-30 23:04:38 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-12-23 17:37:04 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\Piotrek\Pulpit\HijackThis.lnk
[2009-12-23 15:33:02 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-12-23 15:33:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-12-23 15:33:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-28 11:20:02 | 01,421,014 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\BC1.bmp
[2010-01-19 23:32:30 | 00,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\BitComet.lnk
[2010-01-13 17:16:30 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-01-11 23:09:49 | 00,533,290 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\s__ownik_angielsko_polski_www.przeklej.pl(2).jar
[2010-01-11 17:33:21 | 02,886,502 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\metro station - shake it.mp3
[2010-01-11 17:32:05 | 02,409,579 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\tegan and sarah - walking with a ghost.mp3
[2010-01-11 17:30:04 | 04,100,672 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\red hot chili peppers - otherside.mp3
[2010-01-11 17:26:06 | 04,430,025 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\sigur ros - hoppipollaG.mp3
[2010-01-04 17:40:24 | 00,001,452 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\CCleaner.lnk
[2010-01-04 17:39:46 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\bez tytułu.bmp
[2010-01-02 13:29:00 | 00,088,064 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\Pozytywizm prawniczy a koncepcje praw natury.doc
[2009-12-30 23:14:36 | 00,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-12-23 17:37:03 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\Piotrek\Pulpit\HijackThis.lnk
[2009-07-18 16:50:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-07-18 16:49:06 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-06-22 20:53:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-06-06 17:28:23 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009-06-06 17:20:22 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-06-06 17:20:15 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-06-06 11:27:26 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-06-06 10:40:32 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-06-05 22:01:26 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-02 18:11:16 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-07-10 18:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004-08-04 12:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-07-12 10:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2009-12-22 16:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService
[2009-06-05 21:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\BESTplayer
[2009-06-06 11:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-06 20:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\OpenFM
[2009-06-21 11:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Folder przesyłania Share-to-Web
[2009-06-24 14:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\fizzy
[2009-07-08 17:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\GanymedeNet
[2009-07-12 10:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Sports Interactive
[2009-07-18 16:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Piotrek\Dane aplikacji\Samsung

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2004-08-04 12:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-04 12:00:00 | 00,250,624 | RHS- | M] () -- C:\ntldr
[2004-08-04 12:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-23 15:33:02 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-06-05 21:26:12 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-06-05 21:26:12 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-06-05 21:26:12 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-06-05 21:26:12 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-28 10:14:38 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys
[2009-10-17 19:41:34 | 00,000,074 | ---- | M] () -- C:\CMLoader.log
< End of report >[/log]

[URL=http://img402.imageshack.us/i/trj.png/][IMG=http://img402.imageshack.us/img402/9333/trj.th.png][/IMG][/URL]

Mateusz J.
comment

Run OTL and paste the following into the Custom Scans/Fixes window:[code]
:OTL
SRV - File not found [Disabled | Stopped] -- -- (QuestService Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009-12-22 16:56:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009-12-22 16:56:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009-12-22 16:56:32 | 00,000,000 | ---D | M]

:Files
C:\Program Files\Web Search Operator
C:\Program Files\Automated Content Enhancer
C:\Program Files\Customized Platform Advancer
C:\Program Files\QuestService
C:\Documents and Settings\All Users\Dane aplikacji\QuestService
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
C:\Program Files\Textual Content Provider
C:\Program Files\Content Management Wizard
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Internet Today
C:\Program Files\Internet Today
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
C:\Program Files\Customized Platform Advancer
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
C:\Program Files\Automated Content Enhancer
C:\Program Files\Web Search Operator
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Web Search Operator
C:\Program Files\Gameztar Toolbar
C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar
c:\FOUND.008

:Reg

:Commands
[emptytemp]
[Reboot][/code]
Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.

Deace
comment

I did as you wrote, but unfortunately when I click "Run Fix" the computer freezes after a moment. That is, all the icons and the taskbar disappear, and all that is visible is the wallpaper with OTL, which is idle and does not respond to anything. The only way out is to restart the computer.
The ads still pop up, so that's a sign that nothing got fixed.
Oh, and I'm not sure, but maybe the cause is that the log I posted here was from OTL version 3.1.19.0, while I tried to run the fix in 3.1.27.0. The older version simply vanished somewhere (I couldn't find it on the net either) and I had to download the newer one.

Mateusz J.
comment

In that case we will need a different tool.
ComboFix: http://www.forumpc.pl/index.php?showtopic=120614
Post the log on the forum as before.

Deace
comment (edited)

I did exactly as it said, but even that didn't work :/ The ads still pop up... The ComboFix log is below.

I'm no expert, but I'll take the liberty of bolding a few entries that look off to me. Some of the ads are about games, so...

[log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 12:24:58.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.747 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll
2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll
2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll
2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-01-29 22:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-29 22:07 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-29 22:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL
2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS
2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat
2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat
2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-12-23 16:37 . 2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro
2009-12-23 15:43 . 2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software
[b]2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\QuestService[/b]
[b]2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QuestService[/b]
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\Textual Content Provider
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Content Management Wizard
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Internet Today
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Customized Platform Advancer
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Automated Content Enhancer
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Web Search Operator
[b]2009-12-22 15:55 . 2009-12-22 15:55 -------- d-----w- c:\program files\Gameztar Toolbar[/b]
2009-12-22 05:43 . 2004-08-04 11:00 664576 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-11 19:51 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Counter\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17629:TCP"= 17629:TCP:BitComet 17629 TCP
"17629:UDP"= 17629:UDP:BitComet 17629 UDP

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-30 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
[b]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?][/b]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll
FF - component: c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll
FF - component: c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-!ewido - c:\program files\ewido anti-spyware 4.0\ewido.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
AddRemove-Niezbędnik CD_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 12:30
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[b][HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"[/b]
.
Czas ukończenia: 2010-01-30 12:32:52
ComboFix-quarantined-files.txt 2010-01-30 11:32

Przed: 5 463 343 104 bajtów wolnych
Po: 5 599 608 832 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5224CA16D4A14E0EFBC1E1965272AE86[/log]

Mateusz J.
comment

Most of the folders you marked are adware:
Paste into Notepad:
[code]File::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Textual Content Provider
c:\program files\Content Management Wizard
c:\program files\Internet Today
c:\program files\Customized Platform Advancer
c:\program files\Automated Content Enhancer
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar[/code]
[b]>>File>>Save as... >>> [color="red"]CFScript[/color][/b]
Drag and drop the [color="red"][b]CFScript.txt[/b][/color] file onto the [b]ComboFix.exe[/b] file.
[b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Copying should start (and a log will be created, which you will post on the forum).

Deace
comment

Still no change. When I "dropped" that text file onto ComboFix, it "sucked it in" and did almost exactly the same thing as the first time. I don't know if that's what was supposed to happen. Oh, and I don't see any image ;P

[log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 15:59:31.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.502 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Piotrek\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\All Users\Dane aplikacji\QuestService"
"c:\program files\Automated Content Enhancer"
"c:\program files\Content Management Wizard"
"c:\program files\Customized Platform Advancer"
"c:\program files\Gameztar Toolbar"
"c:\program files\Internet Today"
"c:\program files\QuestService"
"c:\program files\Textual Content Provider"
"c:\program files\Web Search Operator"
.

((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll
2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll
2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll
2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-01-29 22:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-29 22:07 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-29 22:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL
2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS
2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat
2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat
2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-12-23 16:37 . 2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro
2009-12-23 15:43 . 2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\QuestService
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\QuestService
2009-12-22 15:57 . 2009-12-22 15:57 -------- d-----w- c:\program files\Textual Content Provider
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Content Management Wizard
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Internet Today
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Customized Platform Advancer
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Automated Content Enhancer
2009-12-22 15:56 . 2009-12-22 15:56 -------- d-----w- c:\program files\Web Search Operator
2009-12-22 15:55 . 2009-12-22 15:55 -------- d-----w- c:\program files\Gameztar Toolbar
2009-12-22 05:43 . 2004-08-04 11:00 664576 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-30_11.30.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-30 11:36 . 2010-01-30 11:36 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-11 19:51 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Counter\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17629:TCP"= 17629:TCP:BitComet 17629 TCP
"17629:UDP"= 17629:UDP:BitComet 17629 UDP

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-30 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll
FF - component: c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll
FF - component: c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 16:05
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Czas ukończenia: 2010-01-30 16:07:48
ComboFix-quarantined-files.txt 2010-01-30 15:07
ComboFix2.txt 2010-01-30 11:32

Przed: 5 587 746 816 bajtów wolnych
Po: 5 557 714 944 bajtów wolnych

- - End Of File - - 967B9DB98955A55800577D5F0D006A86[/log]

Guest
comment

Wrong command in the script.

Paste this into Notepad:
[quote]
Folder::
c:\program files\QuestService
c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Textual Content Provider
c:\program files\Content Management Wizard
c:\program files\Internet Today
c:\program files\Customized Platform Advancer
c:\program files\Automated Content Enhancer
c:\program files\Web Search Operator
c:\program files\Gameztar Toolbar

File::
c:\windows\system32\GameMon.des

Driver::
npggsvc

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
[/quote]
The rest stays unchanged. ;)

Deace
comment (edited)

I think it worked. Many thanks. Just in case, I'm posting one more log to be checked.

Oh, there is still the matter of what LPS shows me. I gave the link in the first post ( [IMG=http://img402.imageshack.us/img402/9333/trj.th.png][/IMG] ) and unfortunately it is still current. It keeps pointing to a trojan. I don't really notice any problems, so maybe it's bogus, but I would still feel more at ease if someone could check it or give me some pointers.

[log]ComboFix 10-01-28.05 - Piotrek 2010-01-30 18:59:18.3.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1023.733 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Piotrek\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Piotrek\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\windows\system32\GameMon.des"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dane aplikacji\QuestService
c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.2.0.5360\ACECommon.dll
c:\program files\Automated Content Enhancer\4.2.0.5360\Data\config.md
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome.manifest
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.js
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFHelperComponent.js
c:\program files\Automated Content Enhancer\4.2.0.5360\FF\install.rdf
c:\program files\Automated Content Enhancer\4.2.0.5360\lri.dll
c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.dat
c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.exe
c:\program files\Content Management Wizard
c:\program files\Content Management Wizard\1.2.0.2080\cmwsh.dll
c:\program files\Content Management Wizard\1.2.0.2080\config.mx
c:\program files\Content Management Wizard\1.2.0.2080\data.mx
c:\program files\Content Management Wizard\1.2.0.2080\exclude.mx
c:\program files\Content Management Wizard\1.2.0.2080\LRI.dll
c:\program files\Content Management Wizard\1.2.0.2080\MatchingData.zd5
c:\program files\Content Management Wizard\1.2.0.2080\pxtmpdata.mx
c:\program files\Content Management Wizard\1.2.0.2080\unins000.dat
c:\program files\Content Management Wizard\1.2.0.2080\unins000.exe
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\4.2.0.2050\CPACommon.dll
c:\program files\Customized Platform Advancer\4.2.0.2050\Data\config.md
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome.manifest
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.js
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFHelperComponent.js
c:\program files\Customized Platform Advancer\4.2.0.2050\FF\install.rdf
c:\program files\Customized Platform Advancer\4.2.0.2050\lri.dll
c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.dat
c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.exe
c:\program files\Gameztar Toolbar
c:\program files\Internet Today
c:\program files\Internet Today\1.2.0.1420\InternetToday.ico
c:\program files\Internet Today\1.2.0.1420\InternetToday.skf
c:\program files\Internet Today\1.2.0.1420\mfc80.dll
c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.CRT.manifest
c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.MFC.manifest
c:\program files\Internet Today\1.2.0.1420\msvcr80.dll
c:\program files\Internet Today\1.2.0.1420\SkinCrafterDll.dll
c:\program files\Internet Today\1.2.0.1420\unins000.dat
c:\program files\Internet Today\1.2.0.1420\unins000.exe
c:\program files\QuestService
c:\program files\QuestService\questservice.exe
c:\program files\QuestService\uninstall.exe
c:\program files\Textual Content Provider
c:\program files\Textual Content Provider\1.2.0.1960\data\pxtmpdata.mx
c:\program files\Textual Content Provider\1.2.0.1960\data\TP_Config.mx
c:\program files\Textual Content Provider\1.2.0.1960\data\TP_Data.mx
c:\program files\Textual Content Provider\1.2.0.1960\data\TP_DomainExcludeList.mx
c:\program files\Textual Content Provider\1.2.0.1960\data\TP_DomainInterval.mx
c:\program files\Textual Content Provider\1.2.0.1960\data\TP_KeywordInterval.mx
c:\program files\Textual Content Provider\1.2.0.1960\LRI.dll
c:\program files\Textual Content Provider\1.2.0.1960\unins000.dat
c:\program files\Textual Content Provider\1.2.0.1960\unins000.exe
c:\program files\Web Search Operator
c:\program files\Web Search Operator\4.2.0.2150\Data\config.md
c:\program files\Web Search Operator\4.2.0.2150\FF\chrome.manifest
c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.js
c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll
c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFHelperComponent.js
c:\program files\Web Search Operator\4.2.0.2150\FF\install.rdf
c:\program files\Web Search Operator\4.2.0.2150\lri.dll
c:\program files\Web Search Operator\4.2.0.2150\unins000.dat
c:\program files\Web Search Operator\4.2.0.2150\unins000.exe
c:\program files\Web Search Operator\4.2.0.2150\WSOCommon.dll
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-29 22:14 . 2009-07-29 06:35 2378752 ----a-w- c:\windows\system32\x264vfw.dll
2010-01-29 22:14 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-29 22:14 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-01-29 22:14 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-01-29 22:14 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll
2010-01-29 22:14 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll
2010-01-29 22:14 . 1997-04-07 17:19 391680 ----a-w- c:\windows\system32\I263_32.drv
2010-01-29 22:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-29 22:07 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-29 22:07 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-29 22:07 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-29 22:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-29 22:07 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-29 21:47 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-29 14:03 . 2010-01-29 14:03 -------- d-----w- C:\_OTL
2010-01-28 11:19 . 2010-01-28 11:19 -------- d-----w- c:\program files\LPS
2010-01-19 22:32 . 2010-01-19 22:32 1036288 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-01-04 16:40 . 2010-01-04 16:40 -------- d-----w- c:\program files\CCleaner
2010-01-03 20:44 . 2010-01-03 20:44 -------- d-----w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Help

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 13:45 . 2009-06-06 10:02 42168 ----a-w- c:\documents and settings\Piotrek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-28 11:14 . 2009-06-02 17:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-19 18:04 . 2004-08-04 11:00 50748 ----a-w- c:\windows\system32\perfc015.dat
2010-01-19 18:04 . 2004-08-04 11:00 358702 ----a-w- c:\windows\system32\perfh015.dat
2010-01-01 12:54 . 2009-12-30 22:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\program files\Avira
2009-12-30 22:14 . 2009-12-30 22:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-12-23 16:37 . 2009-12-23 16:37 -------- d-----w- c:\program files\Trend Micro
2009-12-23 15:43 . 2009-12-23 15:43 -------- d-----w- c:\program files\Sunbelt Software
2009-12-22 05:43 . 2004-08-04 11:00 664576 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:43 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-07 19:45 . 2009-11-26 15:07 79488 ----a-w- c:\documents and settings\Piotrek\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 16:46 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-30_11.30.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-30 16:59 . 2010-01-30 16:59 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-09-12 19:20 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-04-30 23:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-04-30 23:30 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-04-30 23:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-03 04:12 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-11 19:51 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 19:41 33792 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Counter\\hl.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"e:\\Steam\\steamapps\\smok2114\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17629:TCP"= 17629:TCP:BitComet 17629 TCP
"17629:UDP"= 17629:UDP:BitComet 17629 UDP

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-12-23 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-30 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-12-23 65576]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
FF - ProfilePath - c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\documents and settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\zgjm5i5s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\Piotrek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-QuestService - c:\program files\QuestService\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 19:06
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-01-30 19:08:37
ComboFix-quarantined-files.txt 2010-01-30 18:08
ComboFix2.txt 2010-01-30 15:07
ComboFix3.txt 2010-01-30 11:32

Przed: 5 582 209 024 bajtów wolnych
Po: 5 539 119 104 bajtów wolnych

- - End Of File - - A18215F405A2EB32242D2889A838EABF[/log]
