OK, I've sorted it out, here's the log from ComboFix:
ComboFix 09-05-16.05 - Łukasz 2009-05-17 16:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3066.2037 [GMT 2:00]
Run from: c:\users\Łukasz\Downloads\ComboFix.exe
Command switches used :: c:\users\Łukasz\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-15 14:01 . 2009-05-15 14:01 -------- d--h--w c:\program files\Temp
2009-05-15 10:00 . 2009-05-15 10:00 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-15 10:00 . 2009-05-15 12:07 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 09:59 . 2009-05-15 12:07 183112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-10 23:34 . 2009-05-10 23:35 286720 ------w c:\windows\Setup1.exe
2009-05-10 23:34 . 2009-05-10 23:35 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-09 15:36 . 2009-05-09 15:53 -------- d-----w c:\users\Laurka\AppData\Local\Microsoft Games
2009-05-08 14:31 . 2009-05-15 09:38 -------- d-----w c:\program files\EA GAMES
2009-05-08 13:55 . 2009-05-08 14:27 -------- d-----w c:\program files\Alcohol Soft
2009-05-08 13:48 . 2009-05-08 13:48 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-07 19:04 . 2009-05-07 19:04 -------- d-----w c:\windows\Sun
2009-05-07 19:02 . 2009-05-07 19:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-07 19:02 . 2009-05-07 19:02 -------- d-----w c:\program files\Java
2009-05-06 19:25 . 2009-05-10 07:53 -------- d-----w c:\users\Jagodzianka\AppData\Local\Microsoft Games
2009-05-06 18:35 . 2009-05-06 18:35 16384 ----a-w c:\program files\uik.dat
2009-05-06 18:34 . 2009-05-17 10:01 5 ----a-w c:\program files\is.dat
2009-05-06 09:03 . 2009-05-06 09:03 4 ----a-w c:\windows\system32\proc97.bin
2009-05-06 05:11 . 2009-05-06 05:11 -------- d-----w c:\users\All Users\Real
2009-05-06 05:11 . 2009-05-06 05:11 -------- d-----w c:\program files\Real Alternative
2009-05-05 10:00 . 2009-05-05 10:00 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\users\Public\Roaming
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\users\Laurka\Roaming
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\users\Default\Roaming
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\programdata\Roaming
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\users\All Users\Roaming
2009-05-05 09:05 . 2009-05-05 09:05 -------- d-----w c:\program files\Cisco
2009-05-05 09:04 . 2009-05-05 09:04 -------- d-----w c:\program files\Common Files\Intel
2009-05-05 09:04 . 2009-05-05 09:04 -------- d-----w c:\programdata\Intel
2009-05-05 09:04 . 2009-05-05 09:04 -------- d-----w c:\users\All Users\Intel
2009-05-03 18:02 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-03 18:01 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-03 18:01 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-03 18:01 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-03 18:01 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-03 18:01 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-03 18:01 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-03 18:01 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-03 18:01 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-05-03 18:01 . 2009-05-03 18:02 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-03 14:55 . 2009-05-17 10:55 -------- d-----w c:\program files\NAPI-PROJEKT
2009-05-03 14:55 . 2009-05-15 08:21 -------- d-----w c:\program files\ALLPlayer
2009-05-03 14:30 . 2009-05-07 21:47 -------- d-----w c:\program files\uTorrent
2009-05-02 09:42 . 2009-05-02 09:42 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-02 09:27 . 2009-05-02 09:34 -------- d-----w c:\program files\CometBird
2009-05-02 07:06 . 2009-05-02 07:06 -------- d-----w c:\windows\system32\AGEIA
2009-05-02 07:06 . 2009-05-02 07:07 -------- d-----w c:\program files\AGEIA Technologies
2009-05-02 07:06 . 2009-05-02 07:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-02 04:41 . 2009-05-02 04:42 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-04-30 22:08 . 2009-04-30 22:08 1194528 ----a-w c:\windows\system32\nvcplui.exe
2009-04-30 22:08 . 2009-04-30 22:08 1505824 ----a-w c:\windows\system32\nvcpluir.dll
2009-04-30 22:08 . 2009-04-30 22:08 1292832 ----a-w c:\windows\system32\nvsvs.dll
2009-04-30 22:08 . 2009-04-30 22:08 1358368 ----a-w c:\windows\system32\nvsvsr.dll
2009-04-30 20:02 . 2009-04-30 20:02 9850016 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 20:02 . 2009-04-30 20:02 1704960 ----a-w c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 10366976 ----a-w c:\windows\system32\nvoglv32.dll
2009-04-30 20:02 . 2009-04-30 20:02 3128320 ----a-w c:\windows\system32\nvwgf2um.dll
2009-04-28 18:08 . 2009-04-28 18:08 143360 ----a-w c:\windows\system32\nvcod.dll
2009-04-28 18:08 . 2009-04-28 18:08 143360 ----a-w c:\windows\system32\nvcod146.dll
2009-04-28 18:08 . 2009-04-28 18:08 457248 ----a-w c:\windows\system32\nvudisp.exe
2009-04-26 15:36 . 2009-04-26 15:36 -------- d-----w c:\programdata\302FC
2009-04-26 15:36 . 2009-04-26 15:36 -------- d-----w c:\users\All Users\302FC
2009-04-26 13:01 . 2009-04-26 13:01 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-26 12:59 . 2009-04-26 12:59 -------- d-----w c:\program files\Common Files\Skype
2009-04-26 12:59 . 2009-04-26 12:59 -------- d-----r c:\program files\Skype
2009-04-26 12:59 . 2009-04-26 12:59 -------- d-----w c:\programdata\Skype
2009-04-26 12:59 . 2009-04-26 12:59 -------- d-----w c:\users\All Users\Skype
2009-04-26 11:58 . 2009-04-26 16:58 -------- d-----w c:\programdata\Ubisoft
2009-04-26 11:58 . 2009-04-26 16:58 -------- d-----w c:\users\All Users\Ubisoft
2009-04-25 17:54 . 2009-05-06 07:07 71280 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-25 17:54 . 2009-04-25 17:54 -------- d-----w c:\users\Laurka\AppData\Local\PlayMovie
2009-04-25 17:54 . 2009-04-25 17:54 -------- d-----w c:\users\Laurka\AppData\Local\Google
2009-04-25 17:54 . 2009-04-25 17:54 -------- d-----w c:\users\Laurka\AppData\Local\PowerCinema
2009-04-25 17:54 . 2009-04-25 17:54 8224 ----a-w c:\users\Laurka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-25 17:54 . 2009-04-25 17:54 -------- d-----r c:\users\Laurka\Searches
2009-04-25 12:06 . 2009-04-25 12:06 -------- d-----w c:\programdata\TEMP
2009-04-25 12:06 . 2009-04-25 12:06 -------- d-----w c:\users\All Users\TEMP
2009-04-25 07:57 . 2009-04-25 07:57 0 ----a-w c:\windows\nsreg.dat
2009-04-25 06:38 . 2009-05-02 09:01 -------- d-----w c:\program files\Rockstar Games
2009-04-24 20:47 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-24 20:47 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-24 20:47 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-24 20:47 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-24 20:47 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-24 20:47 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-24 20:47 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-24 20:42 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-24 20:42 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-24 20:42 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-24 20:42 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-24 20:42 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-24 20:39 . 2009-02-09 03:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-04-24 20:39 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-24 20:36 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-24 20:36 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-24 20:36 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-24 20:36 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-24 20:36 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-24 20:36 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-24 20:36 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-24 20:36 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-24 20:36 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-24 20:36 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-24 20:36 . 2008-10-29 06:29 2927104 ----a-w c:\windows\explorer.exe
2009-04-24 20:34 . 2008-12-16 02:42 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-24 20:26 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-24 20:26 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-04-24 20:26 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-04-24 20:26 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-04-24 20:25 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-04-24 20:25 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-04-24 20:25 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-04-24 20:25 . 2008-10-16 12:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-04-24 20:25 . 2008-10-16 11:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-04-24 20:15 . 2009-05-17 13:56 64926 ----a-w c:\programdata\nvModes.dat
2009-04-24 20:15 . 2009-05-17 13:56 64926 ----a-w c:\users\All Users\nvModes.dat
2009-04-24 20:14 . 2009-05-15 13:50 -------- d-----w c:\programdata\NVIDIA
2009-04-24 20:14 . 2009-05-15 13:50 -------- d-----w c:\users\All Users\NVIDIA
2009-04-24 20:05 . 2008-05-07 04:29 45567769 ----a-w c:\windows\system32\acer.exe
2009-04-24 20:05 . 2007-04-19 11:41 83554304 ----a-w c:\windows\system32\acer.scr
2009-04-24 20:05 . 2009-04-24 20:05 -------- d-----w c:\program files\Acer Incorporated
2009-04-24 20:05 . 2009-04-24 20:05 -------- d-----w c:\windows\ACER
2009-04-24 19:56 . 2008-01-16 16:35 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-24 19:54 . 2009-04-27 17:28 -------- d-----w c:\programdata\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 14:00 . 2008-01-21 06:24 662056 ----a-w c:\windows\system32\perfh015.dat
2009-05-17 14:00 . 2008-01-21 06:24 126908 ----a-w c:\windows\system32\perfc015.dat
2009-05-16 12:36 . 2009-01-11 08:27 -------- d-----w c:\program files\Acer GameZone
2009-05-15 14:01 . 2009-01-11 07:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-15 14:01 . 2009-01-11 07:42 319456 ----a-w c:\windows\DIFxAPI.dll
2009-05-13 11:01 . 2009-01-11 08:22 -------- d-----w c:\program files\Microsoft
2009-05-13 10:56 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-05 09:58 . 2009-01-11 08:09 -------- d-----w c:\program files\Microsoft Works
2009-05-05 09:04 . 2009-01-11 07:39 -------- d-----w c:\program files\Intel
2009-05-02 07:59 . 2009-01-11 08:39 -------- d-----w c:\program files\Big Kahuna Reef
2009-04-30 20:02 . 2009-04-30 20:02 4224 ----a-w c:\windows\system32\drivers\nvBridge.kmd
2009-04-30 20:02 . 2009-01-11 15:02 983552 ----a-w c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2009-01-11 15:02 7593472 ----a-w c:\windows\system32\nvd3dum.dll
2009-04-29 15:11 . 2009-01-11 07:57 -------- d-----w c:\program files\McAfee
2009-04-25 17:46 . 2009-04-25 17:46 72540 ----a-w c:\program files\winx1-041.gif
2009-04-25 07:40 . 2009-04-25 07:40 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-04-24 20:04 . 2009-01-11 08:52 -------- d-----w c:\program files\Cyberlink
2009-04-24 19:39 . 2009-04-24 19:39 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-24 19:23 . 2009-01-11 07:56 -------- d-----w c:\program files\Acer
2009-04-17 07:48 . 2009-04-17 07:48 114528 ----a-w c:\windows\system32\drivers\jmcr.sys
2009-03-25 09:06 . 2009-01-11 08:01 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2009-01-11 08:01 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2009-01-11 08:01 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2009-01-11 08:01 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2009-01-11 08:01 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-17 03:38 . 2009-04-24 20:37 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-24 20:37 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-13 11:01 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-13 11:02 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-13 11:02 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-13 11:01 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-13 11:01 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-13 11:01 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-13 11:01 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-13 11:01 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-13 11:01 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-13 11:01 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-13 11:02 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-13 11:02 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-13 11:01 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-13 11:01 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-13 11:02 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-13 11:02 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-13 11:01 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-13 11:02 156160 ----a-w c:\windows\system32\msls31.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2009-05-17 135168]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-07 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{47D3E6CC-55E3-4789-8924-E721E7355503}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1C7D4C97-AEF5-4D56-9DAD-BD43971AE9B3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AE1BF65-A453-496C-8F74-7C2A0FA161F0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5427A5E7-5882-4FEE-BFF8-08380E3116EA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{DD972995-97B9-409F-A2AC-737EFC71C81E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{2BBA221B-8229-49FD-9E22-7AA5955159FE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{87228E6D-2CED-4CC8-AD55-4A948EE6FDBC}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{75692EE0-360F-4714-AF05-934910CD5947}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{B4B2B461-187C-48F2-8ED5-22EE8B4899C9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{71DAE428-2A33-4332-A032-BA1F2757E419}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F5ACDA67-CD23-4DBC-A7AF-DDC70EFB7B28}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3BB73353-55DF-41BB-B438-64B92EA8AFD7}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{1BCBA241-1906-44FE-8301-25816A00C0EF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{18F06504-1B45-4931-ABF5-145E96343552}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{792109FC-FF78-412C-B8FC-7DD2BCCAF0AE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C94FB483-5B8A-437F-B117-88AC3FF34AF9}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{A5436668-EE2E-432B-B3A4-CC571B32D64A}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{DCE9321B-F74D-4F39-A6A2-477A8E2334D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{31416785-13B9-4816-A591-579C45E7C0F1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7768CB75-0198-495B-80E1-4904191F0ADF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{337CF312-AA9C-4AC6-B43F-650F69CC2C36}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{2DCFC711-4DBE-430C-9000-64C9188F9E20}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"TCP Query User{33044589-D81F-4B86-B761-CF67DA9F56EB}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{93609F6D-A918-4414-A302-39F4EA873974}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{57CCAAE5-0AA5-4557-8D7D-1F2941D2FBF0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E63EAF2F-B74F-4E6B-9047-D9188A052491}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E21B636-976F-490B-9A09-6691F3834D93}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73EDD6B5-82A4-45DC-A043-B40BAA676231}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F9CA8029-A300-4AEE-9520-BF2E3702C352}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08B2C440-6304-4153-8D40-CD12B5C6256A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{92457645-A0DD-4765-BD6F-4E1E429C5551}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DE85E064-435D-4301-A279-32BCD6F5FD6E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5458A718-0BFD-4175-B321-09F302FB796A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A320043B-64E6-47E3-9EB2-87D6D691FBFB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2B22F45D-0C0C-4729-84C8-EDBC51CF0EF9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00B8E9BC-CA36-4706-AA76-C89AB401C3FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E66C6203-330E-43F8-AD53-D0FDA18A5F34}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{6F0338CC-A69F-4510-9407-598F9DFDE8D2}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{A7F4E32F-E3F5-49DF-B233-BD879EEE8916}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{42724FAD-A91B-48EA-9906-19C9C97E982D}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{E6BFE96E-B1B0-46A0-92B8-45C897E4E685}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{9CAD406D-D167-47EA-A8B3-34517A0A1755}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{B9EE8BD0-799A-4BB6-97B0-2B47C82AD1B1}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{88F8A732-474C-4374-8472-2C81896A3F90}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{5B05B86C-9CAE-42F4-BAC6-B6BB18EA229A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{9186102D-C8DF-4FE0-802E-36718297C642}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{87231182-8A53-42F9-91DF-BC2B7DE52E77}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{795BD024-171F-4624-8463-D74E8BF81775}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9AD2417D-AA76-4236-B10E-5E93EE9A76FF}c:\\users\\łukasz\\program files\\dna\\btdna.exe"= UDP:c:\users\łukasz\program files\dna\btdna.exe:btdna.exe
"UDP Query User{EAB899BA-D3C7-46EA-80B3-209531BFE0B2}c:\\users\\łukasz\\program files\\dna\\btdna.exe"= TCP:c:\users\łukasz\program files\dna\btdna.exe:btdna.exe
"{7C370D3B-2F3B-4614-8B2B-8F9FD98D8DD5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{36080CCA-E859-49F5-AAD4-DAC6E058B1E1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{71A58955-3777-46B8-98D0-3E82254E7E1E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D400140F-7C6E-4CC3-B2C1-B5290A597553}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{350C2622-9268-4818-8532-EAA82FC16344}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6CDCF31E-3651-4D75-9E2C-E17FDE10A7D2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3D0D538D-490C-4A55-A280-12181091AA2C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9915A044-1F99-4AF5-BDD9-95B53DCDE60F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F675E8FF-50BB-4493-BC3B-E210455723D1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7305933B-127B-4141-B3B3-A44BFB6AD9AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7E1EB306-903A-4CCB-B738-74593DA1FB10}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2A802ECA-0202-4725-AE18-0A2DB91EDF38}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9EB1D765-C2E5-42FC-830E-8D04276AD94C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7D1AAC9C-FEFA-4FAF-8FC3-6CB2F6D66707}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{900EFAE5-0079-456B-99B5-737D29138CEA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D725C736-CABA-4209-ADFB-B93449B3C491}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{57043E2F-EAB1-462C-9B18-7E8E25F059FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{50D995E1-9C35-49A6-8FA1-33D458D0BF43}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6A741880-5209-4EFC-92BC-AD83FFA69D25}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F784E102-56F0-4B4B-A159-96198CD6DDE8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FC572A65-6D45-4B8E-B3B1-5E3564AD5822}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"g:\\mssacn.exe"= G:\mssacn.exe:*:Enabled:ipsec
"c:\\Acer\\Mobility Center\\CompileMOF.exe"= c:\acer\Mobility Center\CompileMOF.exe:*:Enabled:ipsec
"c:\\Program Files\\Acer\\WR_PopUp\\ProductReg.exe"= c:\program files\Acer\WR_PopUp\ProductReg.exe:*:Enabled:ipsec
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-04-24 21:54 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-24 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-01-11 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-11 210216]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-04-24 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2009-04-17 114528]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2009-01-22 52768]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-24 08:53]
2009-01-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-24 08:53]
.
- - - - EMPTY ENTRIES REMOVED - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&s=2&o=vp32&d=0409&m=aspire_7730g
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\5yarjho1.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\[u]0[/u]00.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2535592915-1434504362-965101354-1000\Software\SecuROM\License information*]
"datasecu"=hex:6a,18,47,cd,57,8d,df,10,2b,69,70,8d,ea,c0,56,cd,97,88,74,51,87,
ac,e2,8b,0b,c7,01,8e,45,9f,66,e4,44,55,ef,09,f6,25,40,43,84,c7,2b,6a,90,19,\
"rkeysecu"=hex:2d,de,1f,12,03,00,06,ae,79,03,17,73,85,0f,a5,f6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'Explorer.exe'(6132)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2009-05-17 16:12
ComboFix-quarantined-files.txt 2009-05-17 14:12
Before: 65 787 584 512 bytes free
After: 65 771 982 848 bytes free
396 --- E O F --- 2009-05-13 12:31
– Added 17.05.2009 (Sun) 16:17 –
I don't know what the answer will be, but regedit and Task Manager are working again :D:D:D
– Added 17.05.2009 (Sun) 16:41 –
So that means everything is OK now? Right? And I have one more little question… Did this ComboFix do some kind of partial system restore on me? A lot of settings in the system got reset/changed, and icons I deleted long ago came back to the desktop… Thanks for the help
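The registry sections of the log above record several protections switched off: EnableLUA=0 (UAC off), EnableFirewall=0 in the domain, private and public firewall profiles, and the Security Center override/notify flags set to 1, plus a firewall exception for an executable on drive G:. Before calling a machine clean a responder would want those re-checked. The Python script below is an added example for this thread, not part of the original post or of ComboFix: it parses the `[key]` / `"name"= value` blocks in the format ComboFix prints and reports the weakened settings. `SAMPLE_LOG` is a constructed excerpt modelled on the entries in the posted log, and `TRUSTED_PREFIXES` is an assumption made for illustration.

```python
"""Flag security features that a ComboFix log shows switched off.

Added example for this thread; it is not part of the original post or of
ComboFix. It reads the registry sections ComboFix prints and reports the
values a responder would re-check before calling the machine clean.
"""
import re

# Constructed excerpt modelled on the registry entries in the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"g:\\mssacn.exe"= G:\mssacn.exe:*:Enabled:ipsec
"c:\\Program Files\\Acer\\WR_PopUp\\ProductReg.exe"= c:\program files\Acer\WR_PopUp\ProductReg.exe:*:Enabled:ipsec
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+?)\s*$')

# (substring of the registry key, value name, value meaning "protection on", finding text)
EXPECTED = [
    (r"policies\system", "EnableLUA", 1, "UAC disabled"),
    (r"security center", "AntiVirusOverride", 0, "Security Center AV monitoring overridden"),
    (r"security center", "FirewallOverride", 0, "Security Center firewall monitoring overridden"),
    (r"security center", "AntiVirusDisableNotify", 0, "Security Center AV alerts suppressed"),
    (r"security center", "UpdatesDisableNotify", 0, "Security Center update alerts suppressed"),
    (r"security center", "UacDisableNotify", 0, "Security Center UAC alerts suppressed"),
    (r"firewallpolicy\DomainProfile", "EnableFirewall", 1, "Windows Firewall off (domain profile)"),
    (r"firewallpolicy\StandardProfile", "EnableFirewall", 1, "Windows Firewall off (private profile)"),
    (r"firewallpolicy\PublicProfile", "EnableFirewall", 1, "Windows Firewall off (public profile)"),
]

# Assumed for illustration: firewall exceptions for binaries outside these trees are listed for review.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")


def parse_int(raw):
    """Turn the two numeric forms ComboFix prints into an int; None for paths/strings."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def parse_log(text):
    """Map each [registry key] block to a dict of value name -> raw value string."""
    settings, current = {}, None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            settings.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            settings[current][vm.group("name")] = vm.group("val")
    return settings


def audit(text):
    """Return human-readable findings for protections the log shows switched off."""
    findings = []
    for key, values in parse_log(text).items():
        lkey = key.lower()
        for key_part, name, secure, message in EXPECTED:
            if key_part.lower() in lkey and name in values:
                actual = parse_int(values[name])
                if actual is not None and actual != secure:
                    findings.append(f"{message}: {name}={actual} under [{key}]")
        if "authorizedapplications" in lkey:
            # XP-style exception values look like <path>:*:Enabled:<label>
            for raw in values.values():
                exe = raw.split(":*:")[0].lower()
                if not exe.startswith(TRUSTED_PREFIXES):
                    findings.append(f"Firewall exception outside Program Files/Windows: {raw}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; on the excerpt it reports ten findings (UAC, five Security Center flags, three firewall profiles and the G:\mssacn.exe exception). The script only reads the log, so re-enabling UAC and the firewall still has to be done on the machine itself.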