W32/Sality.gen virus

Hello, I'm a new forum user. I'm very desperate and asking for help… begging, really ;-(((

I've read carefully about how to fight this problem, but I'm probably too green to understand all of it…

I figured out that I need to post a HijackThis log on the forum, so here it is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:36:02, on 2009-05-17

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Windows\PLFSetI.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WinRAR\WinRAR.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Łukasz\Downloads\Nowy folder\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0409&m=aspire_7730g

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0409&m=aspire_7730g

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0409&m=aspire_7730g

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix: 

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)


--

End of file - 10951 bytes

Please HELP ;-( Thank you ;-(

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the entries listed - click Fix checked

If it really is that virus, then unfortunately you're looking at a full format of all partitions, without carrying over any programs or installers. :frowning:

We'll make sure once you post the ComboFix removal log after the steps below.

remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 but don't run it.

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

Removal should begin

Then post the ComboFix removal log

:slight_smile:

Do I first have to open Notepad and do that, or scan with ComboFix first? Sorry for asking, but I didn't understand

What don't you understand here :?:

You wrote "Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 but don't run it.

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs", so I don't understand whether I'm supposed to run it and do a scan, or first make that Notepad file and drag it onto the ComboFix icon

You simply download ComboFix to the Desktop and don't run it.

You open Notepad and paste into it the text given by Leon$.

You save the file as CFScript.txt so that the text file's icon is right next to the Combofix.exe icon.

Only now do we run ComboFix, by dragging the CFScript.txt file onto its icon.

OK, I've got it now, here's the ComboFix log:
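As an added example (not part of this thread, and not HijackThis or ComboFix code), here is a small Python triage script that parses HijackThis entry lines like the ones posted above and flags the classes of entry a helper looks at first before deciding what to "Fix checked": policy restrictions (O7), Winsock LSP entries (O10), non-default Hosts lines (O1), components whose file is missing, and services without vendor information. The flag names and the `DEFAULT_HOSTS` set are my own choices; the sample lines are copied from the log in this thread.

```python
"""HijackThis log triage helper (added example, not HijackThis/ComboFix code).

A flag means "review by hand", not "malicious": wpclsp.dll, for instance,
is the Windows Vista Parental Controls LSP and shows up as O10 on a clean
Vista install, while a DisableRegedit=1 policy (O7) on a home machine that
the user did not set is a classic sign that malware is hiding itself.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# HijackThis entry lines look like "O4 - HKLM\..\Run: [...] ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")

# Default loopback mappings that HijackThis reports under O1 on Vista;
# not worth flagging (assumption: set chosen for this example).
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def classify(kind: str, body: str) -> list:
    """Return the review flags that apply to one HijackThis entry."""
    flags = []
    if kind == "O1" and body.replace("Hosts: ", "", 1).strip() not in DEFAULT_HOSTS:
        flags.append("hosts_override")      # redirects of AV/update sites live here
    if kind == "O7":
        flags.append("policy_restriction")  # e.g. DisableRegedit=1 in the log above
    if kind == "O10":
        flags.append("winsock_lsp")         # LSPs see all Winsock traffic
    if "(file missing)" in body:
        flags.append("file_missing")        # dangling BHO/Toolbar/Run entry
    if kind == "O23" and "Unknown owner" in body:
        flags.append("no_vendor_info")      # service binary carries no company name
    return flags


def parse_log(text: str) -> list:
    """Parse every entry line; headers, the process list and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, body = m.group("kind"), m.group("body").rstrip()
            entries.append(Entry(kind, body, classify(kind, body)))
    return entries


def triage(text: str) -> dict:
    """Group flagged entries by flag. Identical lines are collapsed with an
    occurrence count, because HijackThis prints one O10 line per LSP chain slot."""
    report, counts = {}, Counter()
    for e in parse_log(text):
        if not e.flags:
            continue
        line = f"{e.kind} - {e.body}"
        counts[line] += 1
        if counts[line] == 1:
            for fl in e.flags:
                report.setdefault(fl, []).append(line)
    return {"flags": report, "occurrences": dict(counts)}


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for flag, lines in result["flags"].items():
        print(f"[{flag}]")
        for line in lines:
            print(f"  x{result['occurrences'][line]}  {line}")
```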

ComboFix 09-05-16.05 - Łukasz 2009-05-17 16:09.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3066.2037 [GMT 2:00]

Uruchomiony z: c:\users\Łukasz\Downloads\ComboFix.exe

Użyto następujących komend :: c:\users\Łukasz\Downloads\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.


((((((((((((((((((((((((( Pliki utworzone od 2009-04-17 do 2009-05-17 )))))))))))))))))))))))))))))))

.


2009-05-15 14:01 . 2009-05-15 14:01	--------	d--h--w	c:\program files\Temp

2009-05-15 10:00 . 2009-05-15 10:00	66872	----a-w	c:\windows\system32\PnkBstrA.exe

2009-05-15 10:00 . 2009-05-15 12:07 138184	----a-w	c:\windows\system32\drivers\PnkBstrK.sys

2009-05-15 09:59 . 2009-05-15 12:07 183112	----a-w	c:\windows\system32\PnkBstrB.exe

2009-05-10 23:34 . 2009-05-10 23:35	286720	------w	c:\windows\Setup1.exe

2009-05-10 23:34 . 2009-05-10 23:35	73216	----a-w	c:\windows\ST6UNST.EXE

2009-05-09 15:36 . 2009-05-09 15:53	--------	d-----w	c:\users\Laurka\AppData\Local\Microsoft Games

2009-05-08 14:31 . 2009-05-15 09:38	--------	d-----w	c:\program files\EA GAMES

2009-05-08 13:55 . 2009-05-08 14:27	--------	d-----w	c:\program files\Alcohol Soft

2009-05-08 13:48 . 2009-05-08 13:48 721904	----a-w	c:\windows\system32\drivers\sptd.sys

2009-05-07 19:04 . 2009-05-07 19:04	--------	d-----w	c:\windows\Sun

2009-05-07 19:02 . 2009-05-07 19:02 410984	----a-w	c:\windows\system32\deploytk.dll

2009-05-07 19:02 . 2009-05-07 19:02	--------	d-----w	c:\program files\Java

2009-05-06 19:25 . 2009-05-10 07:53	--------	d-----w	c:\users\Jagodzianka\AppData\Local\Microsoft Games

2009-05-06 18:35 . 2009-05-06 18:35	16384	----a-w	c:\program files\uik.dat

2009-05-06 18:34 . 2009-05-17 10:01	5	----a-w	c:\program files\is.dat

2009-05-06 09:03 . 2009-05-06 09:03	4	----a-w	c:\windows\system32\proc97.bin

2009-05-06 05:11 . 2009-05-06 05:11	--------	d-----w	c:\users\All Users\Real

2009-05-06 05:11 . 2009-05-06 05:11	--------	d-----w	c:\program files\Real Alternative

2009-05-05 10:00 . 2009-05-05 10:00	--------	d-----w	c:\program files\Microsoft Silverlight

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\users\Public\Roaming

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\users\Laurka\Roaming

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\users\Default\Roaming

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\programdata\Roaming

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\users\All Users\Roaming

2009-05-05 09:05 . 2009-05-05 09:05	--------	d-----w	c:\program files\Cisco

2009-05-05 09:04 . 2009-05-05 09:04	--------	d-----w	c:\program files\Common Files\Intel

2009-05-05 09:04 . 2009-05-05 09:04	--------	d-----w	c:\programdata\Intel

2009-05-05 09:04 . 2009-05-05 09:04	--------	d-----w	c:\users\All Users\Intel

2009-05-03 18:02 . 2008-09-16 19:23 168448	----a-w	c:\windows\system32\unrar.dll

2009-05-03 18:01 . 2004-01-25 16:18 217088	----a-w	c:\windows\system32\yv12vfw.dll

2009-05-03 18:01 . 2008-12-07 18:08 795648	----a-w	c:\windows\system32\xvidcore.dll

2009-05-03 18:01 . 2008-12-07 18:08 130048	----a-w	c:\windows\system32\xvidvfw.dll

2009-05-03 18:01 . 2008-11-06 16:37	3596288	----a-w	c:\windows\system32\qt-dx331.dll

2009-05-03 18:01 . 2008-12-11 00:33	86016	----a-w	c:\windows\system32\dpl100.dll

2009-05-03 18:01 . 2008-11-06 16:33 684032	----a-w	c:\windows\system32\divx.dll

2009-05-03 18:01 . 2009-03-02 18:10	67584	----a-w	c:\windows\system32\ff_vfw.dll

2009-05-03 18:01 . 2009-01-07 18:14	60273	----a-w	c:\windows\system32\pthreadGC2.dll

2009-05-03 18:01 . 2009-05-03 18:02	--------	d-----w	c:\program files\K-Lite Codec Pack

2009-05-03 14:55 . 2009-05-17 10:55	--------	d-----w	c:\program files\NAPI-PROJEKT

2009-05-03 14:55 . 2009-05-15 08:21	--------	d-----w	c:\program files\ALLPlayer

2009-05-03 14:30 . 2009-05-07 21:47	--------	d-----w	c:\program files\uTorrent

2009-05-02 09:42 . 2009-05-02 09:42 107888	----a-w	c:\windows\system32\CmdLineExt.dll

2009-05-02 09:27 . 2009-05-02 09:34	--------	d-----w	c:\program files\CometBird

2009-05-02 07:06 . 2009-05-02 07:06	--------	d-----w	c:\windows\system32\AGEIA

2009-05-02 07:06 . 2009-05-02 07:07	--------	d-----w	c:\program files\AGEIA Technologies

2009-05-02 07:06 . 2009-05-02 07:06	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-05-02 04:41 . 2009-05-02 04:42	--------	d-----w	c:\program files\Nowe Gadu-Gadu

2009-04-30 22:08 . 2009-04-30 22:08 1194528	----a-w	c:\windows\system32\nvcplui.exe

2009-04-30 22:08 . 2009-04-30 22:08 1505824	----a-w	c:\windows\system32\nvcpluir.dll

2009-04-30 22:08 . 2009-04-30 22:08 1292832	----a-w	c:\windows\system32\nvsvs.dll

2009-04-30 22:08 . 2009-04-30 22:08 1358368	----a-w	c:\windows\system32\nvsvsr.dll

2009-04-30 20:02 . 2009-04-30 20:02 9850016	----a-w	c:\windows\system32\drivers\nvlddmkm.sys

2009-04-30 20:02 . 2009-04-30 20:02	1704960	----a-w	c:\windows\system32\nvcuda.dll

2009-04-30 20:02 . 2009-04-30 20:02	1314816	----a-w	c:\windows\system32\nvcuvenc.dll

2009-04-30 20:02 . 2009-04-30 20:02	663552	----a-w	c:\windows\system32\nvcuvid.dll

2009-04-30 20:02 . 2009-04-30 20:02	10366976	----a-w	c:\windows\system32\nvoglv32.dll

2009-04-30 20:02 . 2009-04-30 20:02 3128320	----a-w	c:\windows\system32\nvwgf2um.dll

2009-04-28 18:08 . 2009-04-28 18:08 143360	----a-w	c:\windows\system32\nvcod.dll

2009-04-28 18:08 . 2009-04-28 18:08 143360	----a-w	c:\windows\system32\nvcod146.dll

2009-04-28 18:08 . 2009-04-28 18:08 457248	----a-w	c:\windows\system32\nvudisp.exe

2009-04-26 15:36 . 2009-04-26 15:36	--------	d-----w	c:\programdata\302FC

2009-04-26 15:36 . 2009-04-26 15:36	--------	d-----w	c:\users\All Users\302FC

2009-04-26 13:01 . 2009-04-26 13:01	56	---ha-w	c:\windows\system32\ezsidmv.dat

2009-04-26 12:59 . 2009-04-26 12:59	--------	d-----w	c:\program files\Common Files\Skype

2009-04-26 12:59 . 2009-04-26 12:59	--------	d-----r	c:\program files\Skype

2009-04-26 12:59 . 2009-04-26 12:59	--------	d-----w	c:\programdata\Skype

2009-04-26 12:59 . 2009-04-26 12:59	--------	d-----w	c:\users\All Users\Skype

2009-04-26 11:58 . 2009-04-26 16:58	--------	d-----w	c:\programdata\Ubisoft

2009-04-26 11:58 . 2009-04-26 16:58	--------	d-----w	c:\users\All Users\Ubisoft

2009-04-25 17:54 . 2009-05-06 07:07	71280	----a-w	c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-04-25 17:54 . 2009-04-25 17:54	--------	d-----w	c:\users\Laurka\AppData\Local\PlayMovie

2009-04-25 17:54 . 2009-04-25 17:54	--------	d-----w	c:\users\Laurka\AppData\Local\Google

2009-04-25 17:54 . 2009-04-25 17:54	--------	d-----w	c:\users\Laurka\AppData\Local\PowerCinema

2009-04-25 17:54 . 2009-04-25 17:54	8224	----a-w	c:\users\Laurka\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-25 17:54 . 2009-04-25 17:54	--------	d-----r	c:\users\Laurka\Searches

2009-04-25 12:06 . 2009-04-25 12:06	--------	d-----w	c:\programdata\TEMP

2009-04-25 12:06 . 2009-04-25 12:06	--------	d-----w	c:\users\All Users\TEMP

2009-04-25 07:57 . 2009-04-25 07:57	0	----a-w	c:\windows\nsreg.dat

2009-04-25 06:38 . 2009-05-02 09:01	--------	d-----w	c:\program files\Rockstar Games

2009-04-24 20:47 . 2008-06-20 01:14	97800	----a-w	c:\windows\system32\infocardapi.dll

2009-04-24 20:47 . 2008-06-20 01:14 105016	----a-w	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-04-24 20:47 . 2008-06-20 01:14 622080	----a-w	c:\windows\system32\icardagt.exe

2009-04-24 20:47 . 2008-06-20 01:14	11264	----a-w	c:\windows\system32\icardres.dll

2009-04-24 20:47 . 2008-06-20 01:14	43544	----a-w	c:\windows\system32\PresentationHostProxy.dll

2009-04-24 20:47 . 2008-06-20 01:14 781344	----a-w	c:\windows\system32\PresentationNative_v0300.dll

2009-04-24 20:47 . 2008-06-20 01:14 326160	----a-w	c:\windows\system32\PresentationHost.exe

2009-04-24 20:42 . 2008-07-27 18:03	96760	----a-w	c:\windows\system32\dfshim.dll

2009-04-24 20:42 . 2008-07-27 18:03 282112	----a-w	c:\windows\system32\mscoree.dll

2009-04-24 20:42 . 2008-07-27 18:03	41984	----a-w	c:\windows\system32\netfxperf.dll

2009-04-24 20:42 . 2008-07-27 18:03	158720	----a-w	c:\windows\system32\mscorier.dll

2009-04-24 20:42 . 2008-07-27 18:03	83968	----a-w	c:\windows\system32\mscories.dll

2009-04-24 20:39 . 2009-02-09 03:10	2033152	----a-w	c:\windows\system32\win32k.sys

2009-04-24 20:39 . 2008-12-06 04:42 376832	----a-w	c:\windows\system32\winhttp.dll

2009-04-24 20:36 . 2009-03-03 04:39	551424	----a-w	c:\windows\system32\rpcss.dll

2009-04-24 20:36 . 2009-03-03 04:46 3599328	----a-w	c:\windows\system32\ntkrnlpa.exe

2009-04-24 20:36 . 2009-03-03 04:46 3547632	----a-w	c:\windows\system32\ntoskrnl.exe

2009-04-24 20:36 . 2009-03-03 03:04 666624	----a-w	c:\windows\system32\printfilterpipelinesvc.exe

2009-04-24 20:36 . 2009-03-03 04:39	26112	----a-w	c:\windows\system32\printfilterpipelineprxy.dll

2009-04-24 20:36 . 2009-03-03 04:39	183296	----a-w	c:\windows\system32\sdohlp.dll

2009-04-24 20:36 . 2009-03-03 04:37	98304	----a-w	c:\windows\system32\iasrecst.dll

2009-04-24 20:36 . 2009-03-03 04:37	44032	----a-w	c:\windows\system32\iasdatastore.dll

2009-04-24 20:36 . 2009-03-03 04:37	54784	----a-w	c:\windows\system32\iasads.dll

2009-04-24 20:36 . 2009-03-03 02:38	17408	----a-w	c:\windows\system32\iashost.exe

2009-04-24 20:36 . 2008-10-29 06:29 2927104	----a-w	c:\windows\explorer.exe

2009-04-24 20:34 . 2008-12-16 02:42 288768	----a-w	c:\windows\system32\drivers\srv.sys

2009-04-24 20:26 . 2008-10-16 21:09	43544	----a-w	c:\windows\system32\wups2.dll

2009-04-24 20:26 . 2008-10-16 21:09	51224	----a-w	c:\windows\system32\wuauclt.exe

2009-04-24 20:26 . 2008-10-16 20:56 1524736	----a-w	c:\windows\system32\wucltux.dll

2009-04-24 20:26 . 2008-10-16 21:13 1809944	----a-w	c:\windows\system32\wuaueng.dll

2009-04-24 20:25 . 2008-10-16 21:08	34328	----a-w	c:\windows\system32\wups.dll

2009-04-24 20:25 . 2008-10-16 20:55	83456	----a-w	c:\windows\system32\wudriver.dll

2009-04-24 20:25 . 2008-10-16 21:12 561688	----a-w	c:\windows\system32\wuapi.dll

2009-04-24 20:25 . 2008-10-16 12:08 162064	----a-w	c:\windows\system32\wuwebv.dll

2009-04-24 20:25 . 2008-10-16 11:56	31232	----a-w	c:\windows\system32\wuapp.exe

2009-04-24 20:15 . 2009-05-17 13:56	64926	----a-w	c:\programdata\nvModes.dat

2009-04-24 20:15 . 2009-05-17 13:56	64926	----a-w	c:\users\All Users\nvModes.dat

2009-04-24 20:14 . 2009-05-15 13:50	--------	d-----w	c:\programdata\NVIDIA

2009-04-24 20:14 . 2009-05-15 13:50	--------	d-----w	c:\users\All Users\NVIDIA

2009-04-24 20:05 . 2008-05-07 04:29	45567769	----a-w	c:\windows\system32\acer.exe

2009-04-24 20:05 . 2007-04-19 11:41	83554304	----a-w	c:\windows\system32\acer.scr

2009-04-24 20:05 . 2009-04-24 20:05	--------	d-----w	c:\program files\Acer Incorporated

2009-04-24 20:05 . 2009-04-24 20:05	--------	d-----w	c:\windows\ACER

2009-04-24 19:56 . 2008-01-16 16:35	44544	----a-w	c:\windows\system32\msxml4a.dll

2009-04-24 19:54 . 2009-04-27 17:28	--------	d-----w	c:\programdata\CyberLink


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-17 14:00 . 2008-01-21 06:24 662056	----a-w	c:\windows\system32\perfh015.dat

2009-05-17 14:00 . 2008-01-21 06:24 126908	----a-w	c:\windows\system32\perfc015.dat

2009-05-16 12:36 . 2009-01-11 08:27	--------	d-----w	c:\program files\Acer GameZone

2009-05-15 14:01 . 2009-01-11 07:42	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-05-15 14:01 . 2009-01-11 07:42 319456	----a-w	c:\windows\DIFxAPI.dll

2009-05-13 11:01 . 2009-01-11 08:22	--------	d-----w	c:\program files\Microsoft

2009-05-13 10:56 . 2006-11-02 11:18	--------	d-----w	c:\program files\Windows Mail

2009-05-05 09:58 . 2009-01-11 08:09	--------	d-----w	c:\program files\Microsoft Works

2009-05-05 09:04 . 2009-01-11 07:39	--------	d-----w	c:\program files\Intel

2009-05-02 07:59 . 2009-01-11 08:39	--------	d-----w	c:\program files\Big Kahuna Reef

2009-04-30 20:02 . 2009-04-30 20:02	4224	----a-w	c:\windows\system32\drivers\nvBridge.kmd

2009-04-30 20:02 . 2009-01-11 15:02 983552	----a-w	c:\windows\system32\nvapi.dll

2009-04-30 20:02 . 2009-01-11 15:02	7593472	----a-w	c:\windows\system32\nvd3dum.dll

2009-04-29 15:11 . 2009-01-11 07:57	--------	d-----w	c:\program files\McAfee

2009-04-25 17:46 . 2009-04-25 17:46	72540	----a-w	c:\program files\winx1-041.gif

2009-04-25 07:40 . 2009-04-25 07:40	--------	d-----w	c:\program files\Microsoft Games for Windows - LIVE

2009-04-24 20:04 . 2009-01-11 08:52	--------	d-----w	c:\program files\Cyberlink

2009-04-24 19:39 . 2009-04-24 19:39	0	---ha-w	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-04-24 19:23 . 2009-01-11 07:56	--------	d-----w	c:\program files\Acer

2009-04-17 07:48 . 2009-04-17 07:48 114528	----a-w	c:\windows\system32\drivers\jmcr.sys

2009-03-25 09:06 . 2009-01-11 08:01	40552	----a-w	c:\windows\system32\drivers\mfesmfk.sys

2009-03-25 09:06 . 2009-01-11 08:01	79880	----a-w	c:\windows\system32\drivers\mfeavfk.sys

2009-03-25 09:06 . 2009-01-11 08:01	35272	----a-w	c:\windows\system32\drivers\mfebopk.sys

2009-03-25 09:06 . 2009-01-11 08:01 214024	----a-w	c:\windows\system32\drivers\mfehidk.sys

2009-03-25 09:05 . 2009-01-11 08:01	34216	----a-w	c:\windows\system32\drivers\mferkdk.sys

2009-03-17 03:38 . 2009-04-24 20:37	13824	----a-w	c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-24 20:37	24064	----a-w	c:\windows\system32\amxread.dll

2009-03-08 11:34 . 2009-05-13 11:01	914944	----a-w	c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-05-13 11:02	43008	----a-w	c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-05-13 11:02	18944	----a-w	c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-05-13 11:01	109056	----a-w	c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-05-13 11:01	109568	----a-w	c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-05-13 11:01	132608	----a-w	c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-05-13 11:01	107520	----a-w	c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-05-13 11:01	107008	----a-w	c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-05-13 11:01	103936	----a-w	c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-05-13 11:01 420352	----a-w	c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-05-13 11:02	72704	----a-w	c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-05-13 11:02	71680	----a-w	c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-05-13 11:01	66560	----a-w	c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-05-13 11:01	169472	----a-w	c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-05-13 11:02	34816	----a-w	c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-05-13 11:02	48128	----a-w	c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-05-13 11:01	45568	----a-w	c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-05-13 11:02	156160	----a-w	c:\windows\system32\msls31.dll

2008-01-21 02:43 . 2006-11-02 12:50	174	--sha-w	c:\program files\desktop.ini

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 22:38	121392	----a-w	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2009-05-17 135168]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 148888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute	REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{47D3E6CC-55E3-4789-8924-E721E7355503}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{1C7D4C97-AEF5-4D56-9DAD-BD43971AE9B3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6AE1BF65-A453-496C-8F74-7C2A0FA161F0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{5427A5E7-5882-4FEE-BFF8-08380E3116EA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{DD972995-97B9-409F-A2AC-737EFC71C81E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{2BBA221B-8229-49FD-9E22-7AA5955159FE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{87228E6D-2CED-4CC8-AD55-4A948EE6FDBC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{75692EE0-360F-4714-AF05-934910CD5947}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{B4B2B461-187C-48F2-8ED5-22EE8B4899C9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{71DAE428-2A33-4332-A032-BA1F2757E419}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{F5ACDA67-CD23-4DBC-A7AF-DDC70EFB7B28}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{3BB73353-55DF-41BB-B438-64B92EA8AFD7}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{1BCBA241-1906-44FE-8301-25816A00C0EF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{18F06504-1B45-4931-ABF5-145E96343552}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{792109FC-FF78-412C-B8FC-7DD2BCCAF0AE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{C94FB483-5B8A-437F-B117-88AC3FF34AF9}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{A5436668-EE2E-432B-B3A4-CC571B32D64A}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{DCE9321B-F74D-4F39-A6A2-477A8E2334D3}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{31416785-13B9-4816-A591-579C45E7C0F1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7768CB75-0198-495B-80E1-4904191F0ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{337CF312-AA9C-4AC6-B43F-650F69CC2C36}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{2DCFC711-4DBE-430C-9000-64C9188F9E20}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"TCP Query User{33044589-D81F-4B86-B761-CF67DA9F56EB}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{93609F6D-A918-4414-A302-39F4EA873974}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"{57CCAAE5-0AA5-4557-8D7D-1F2941D2FBF0}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E63EAF2F-B74F-4E6B-9047-D9188A052491}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2E21B636-976F-490B-9A09-6691F3834D93}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{73EDD6B5-82A4-45DC-A043-B40BAA676231}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F9CA8029-A300-4AEE-9520-BF2E3702C352}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{08B2C440-6304-4153-8D40-CD12B5C6256A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{92457645-A0DD-4765-BD6F-4E1E429C5551}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{DE85E064-435D-4301-A279-32BCD6F5FD6E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{5458A718-0BFD-4175-B321-09F302FB796A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A320043B-64E6-47E3-9EB2-87D6D691FBFB}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{2B22F45D-0C0C-4729-84C8-EDBC51CF0EF9}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{00B8E9BC-CA36-4706-AA76-C89AB401C3FF}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{E66C6203-330E-43F8-AD53-D0FDA18A5F34}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{6F0338CC-A69F-4510-9407-598F9DFDE8D2}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"{A7F4E32F-E3F5-49DF-B233-BD879EEE8916}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe

"{42724FAD-A91B-48EA-9906-19C9C97E982D}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe

"{E6BFE96E-B1B0-46A0-92B8-45C897E4E685}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{9CAD406D-D167-47EA-A8B3-34517A0A1755}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{B9EE8BD0-799A-4BB6-97B0-2B47C82AD1B1}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{88F8A732-474C-4374-8472-2C81896A3F90}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"TCP Query User{5B05B86C-9CAE-42F4-BAC6-B6BB18EA229A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{9186102D-C8DF-4FE0-802E-36718297C642}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"{87231182-8A53-42F9-91DF-BC2B7DE52E77}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{795BD024-171F-4624-8463-D74E8BF81775}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{9AD2417D-AA76-4236-B10E-5E93EE9A76FF}c:\\users\\łukasz\\program files\\dna\\btdna.exe"= UDP:c:\users\łukasz\program files\dna\btdna.exe:btdna.exe

"UDP Query User{EAB899BA-D3C7-46EA-80B3-209531BFE0B2}c:\\users\\łukasz\\program files\\dna\\btdna.exe"= TCP:c:\users\łukasz\program files\dna\btdna.exe:btdna.exe

"{7C370D3B-2F3B-4614-8B2B-8F9FD98D8DD5}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{36080CCA-E859-49F5-AAD4-DAC6E058B1E1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{71A58955-3777-46B8-98D0-3E82254E7E1E}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{D400140F-7C6E-4CC3-B2C1-B5290A597553}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{350C2622-9268-4818-8532-EAA82FC16344}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6CDCF31E-3651-4D75-9E2C-E17FDE10A7D2}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3D0D538D-490C-4A55-A280-12181091AA2C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{9915A044-1F99-4AF5-BDD9-95B53DCDE60F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F675E8FF-50BB-4493-BC3B-E210455723D1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7305933B-127B-4141-B3B3-A44BFB6AD9AD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7E1EB306-903A-4CCB-B738-74593DA1FB10}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{2A802ECA-0202-4725-AE18-0A2DB91EDF38}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{9EB1D765-C2E5-42FC-830E-8D04276AD94C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{7D1AAC9C-FEFA-4FAF-8FC3-6CB2F6D66707}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{900EFAE5-0079-456B-99B5-737D29138CEA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{D725C736-CABA-4209-ADFB-B93449B3C491}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{57043E2F-EAB1-462C-9B18-7E8E25F059FD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{50D995E1-9C35-49A6-8FA1-33D458D0BF43}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6A741880-5209-4EFC-92BC-AD83FFA69D25}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F784E102-56F0-4B4B-A159-96198CD6DDE8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FC572A65-6D45-4B8E-B3B1-5E3564AD5822}"= c:\program files\Skype\Phone\Skype.exe:Skype


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr

"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

"g:\\mssacn.exe"= G:\mssacn.exe:*:Enabled:ipsec

"c:\\Acer\\Mobility Center\\CompileMOF.exe"= c:\acer\Mobility Center\CompileMOF.exe:*:Enabled:ipsec

"c:\\Program Files\\Acer\\WR_PopUp\\ProductReg.exe"= c:\program files\Acer\WR_PopUp\ProductReg.exe:*:Enabled:ipsec


R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-04-24 21:54 61424]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-24 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-01-11 24576]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-11 210216]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-04-24 122368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2009-04-17 114528]

R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2009-01-22 52768]

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'


2009-05-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-24 08:53]


2009-01-11 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-24 08:53]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKLM-Run-eRecoveryService - (no file)



.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.ask.com/?o=101764&l=dis

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0409&m=aspire_7730g

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

FF - ProfilePath - c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\5yarjho1.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - www.google.pl

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-17 16:11

Windows 6.0.6001 Service Pack 1 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-2535592915-1434504362-965101354-1000\Software\SecuROM\License information*]

"datasecu"=hex:6a,18,47,cd,57,8d,df,10,2b,69,70,8d,ea,c0,56,cd,97,88,74,51,87,

   ac,e2,8b,0b,c7,01,8e,45,9f,66,e4,44,55,ef,09,f6,25,40,43,84,c7,2b,6a,90,19,\

"rkeysecu"=hex:2d,de,1f,12,03,00,06,ae,79,03,17,73,85,0f,a5,f6


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'Explorer.exe'(6132)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\System32\SysHook.dll

.

Czas ukończenia: 2009-05-17 16:12

ComboFix-quarantined-files.txt 2009-05-17 14:12


Przed: 65 787 584 512 bajtów wolnych

Po: 65 771 982 848 bajtów wolnych


396	--- E O F ---	2009-05-13 12:31

Added 17.05.2009 (Sun) 16:17

I don't know what the answer will be, but regedit and Task Manager are already working :D:D:D

Added 17.05.2009 (Sun) 16:41

So that means everything is OK now? Yes? And I have one more little question… Did this ComboFix do some kind of partial system restore? A lot of settings in the system got reset/changed, and long-deleted icons came back to the desktop… Thanks for the help :wink:

Run a Dr.Web CureIt scan

Change in the rules for posting logs on the forum - viewtopic.php?f=16&t=253052