
Please check my log

Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not attach yourself to other users' topics; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, since this risks seriously damaging the system or the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.


Post by bigbercik » 18 Apr 2008, 13:35




Logfile of HijackThis v1.99.1
Scan saved at 13:31:40, on 2008-04-18
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Users\kici\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\kici\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.160.0.10:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Bux.to Autoclicker.lnk = ?
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
bigbercik
Forum member
Posts: 62
Joined: 18 Apr 2008, 12:20

Post by huber2t » 18 Apr 2008, 15:18



Fix in HijackThis:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll


Download ComboFix, but do not run it.
Paste into Notepad:
File::
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Folder::
C:\Program Files\GamesBar
C:\Program Files\MyGlobalSearch

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here:
[image]
The removal should start and a log will be produced; post that log on the forum.
If everything goes well, after the restart manually delete the folder C:\Qoobox
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42
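The reply above goes from six HijackThis entries to a CFScript by hand. The Python script below is an added example, not part of the thread and not a HijackThis or ComboFix component: it parses those six lines, shows that each of the two DLLs is registered under several IE load points (O2/O3/O9, with the MyGlobalSearch DLL even using two different CLSIDs), and renders the same File::/Folder:: blocks. It derives a Folder:: line only for a product directory sitting directly under Program Files, so a DLL in system32 never turns into a folder deletion; the File::/Folder:: format is taken solely from the post above.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple, Optional

# Constructed sample input: the six HijackThis lines the helper selected for
# removal in the post above (copied from the thread, not generated here).
SELECTED_HJT_LINES = r"""
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
"""


class HjtEntry(NamedTuple):
    section: str  # O2, O3, O9, ...
    kind: str     # BHO, Toolbar, Extra button, ...
    name: str
    clsid: str
    path: str


# CLSID-bearing HijackThis lines have the shape:
#   O2 - BHO: <name> - {CLSID} - <path>
_HJT_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse O2/O3/O9-style lines; lines without a CLSID and a path are skipped."""
    entries = []
    for line in text.splitlines():
        m = _HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(**m.groupdict()))
    return entries


def hooks_per_file(entries: List[HjtEntry]) -> Dict[str, List[str]]:
    """Map each referenced file to the sorted HijackThis sections that load it.

    One DLL appearing as a BHO (O2), a toolbar (O3) and IE buttons (O9) is a
    single component with several load points; all of them belong in one fix,
    otherwise the leftover registrations keep pointing at the same file."""
    first_seen: Dict[str, str] = {}
    sections: Dict[str, set] = {}
    for e in entries:
        key = e.path.lower()  # Windows paths are case-insensitive
        first_seen.setdefault(key, e.path)
        sections.setdefault(key, set()).add(e.section)
    return {first_seen[k]: sorted(v) for k, v in sections.items()}


_PROGRAM_FILES = ("program files", "program files (x86)")


def product_folder(path: str) -> Optional[str]:
    r"""Return the vendor/product directory directly under Program Files, or None.

    Only such a folder is a reasonable Folder:: candidate. A DLL living in
    C:\Windows\system32, or one given as an 8.3 short path (C:\PROGRA~1\...),
    yields None, so no system or ambiguous directory is ever listed."""
    parts = PureWindowsPath(path).parts
    if len(parts) >= 4 and parts[1].lower() in _PROGRAM_FILES:
        return str(PureWindowsPath(*parts[:3]))
    return None


def build_cfscript(entries: List[HjtEntry]) -> str:
    """Render the File:: / Folder:: blocks in the CFScript.txt layout used above."""
    files: List[str] = []
    folders: List[str] = []
    for path in hooks_per_file(entries):
        files.append(path)
        folder = product_folder(path)
        if folder and folder.lower() not in [f.lower() for f in folders]:
            folders.append(folder)
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_hjt(SELECTED_HJT_LINES)
    for path, secs in hooks_per_file(found).items():
        print(f"{path}  <- loaded via {', '.join(secs)}")
    print()
    print(build_cfscript(found), end="")
```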

Post by bigbercik » 18 Apr 2008, 16:49



ComboFix 08-04-17.1 - kici 2008-04-18 16:34:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.414 [GMT 2:00]
Running from: C:\Users\kici\Desktop\ComboFix.exe
Command switches used :: C:\Users\kici\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-English.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\Program Files\myglobalsearch
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\004AA6F9
C:\Program Files\MyGlobalSearch\bar\Cache\004ABAD7.bin
C:\Program Files\myglobalsearch\bar\Cache\004ABD18.bin
C:\Program Files\myglobalsearch\bar\Cache\004ABE40.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Windows\system32\A2D18CB417.dll
C:\Windows\system32\ACER.exe

.
(((((((((((((((((((((((((   Files Created from 2008-03-18 to 2008-04-18  )))))))))))))))))))))))))))))))
.

2008-04-17 15:03 . 2008-04-17 15:05   1,631   --a------   C:\Bux.to Autoclicker.lnk
2008-04-16 15:10 . 2008-04-16 15:10   <DIR>   d--------   C:\Program Files\Movie Maker 2.6
2008-04-16 14:30 . 2008-04-16 14:30   <DIR>   d--------   C:\Program Files\SystemRequirementsLab
2008-04-16 14:29 . 2008-04-16 14:30   <DIR>   d--------   C:\Users\kici\SystemRequirementsLab
2008-04-16 10:18 . 2008-04-16 10:18   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-16 10:11 . 2008-04-16 10:11   <DIR>   d--------   C:\Users\kici\AppData\Roaming\MegauploadToolbar
2008-04-16 10:11 . 2008-04-16 10:11   <DIR>   d--------   C:\Program Files\MegauploadToolbar
2008-04-15 19:04 . 2008-04-15 19:04   <DIR>   d--------   C:\Program Files\Common Files\Thraex Software
2008-04-15 19:04 . 2008-04-18 13:19   <DIR>   d--------   C:\PacSteamT
2008-04-14 18:01 . 2008-04-14 18:01   721,932   --a------   C:\plik.exe
2008-04-11 23:31 . 2008-04-17 22:22   <DIR>   d--------   C:\Users\kici\AppData\Roaming\Skype
2008-04-11 22:38 . 2008-04-11 22:38   <DIR>   d--------   C:\Program Files\Skype
2008-04-11 22:38 . 2008-04-11 22:38   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-04-11 19:36 . 2008-04-17 18:52   <DIR>   d--------   C:\Program Files\Common Files\Steam
2008-04-11 19:26 . 2008-04-15 19:54   <DIR>   d--------   C:\Program Files\Steam
2008-04-09 13:31 . 2008-04-09 13:31   1,025   --a------   C:\Windows\mozver.dat
2008-04-09 07:13 . 2008-02-15 01:19   944,184   --a------   C:\Windows\System32\winload.exe
2008-04-09 07:13 . 2008-02-19 07:10   620,088   --a------   C:\Windows\System32\ci.dll
2008-04-09 07:13 . 2008-02-29 08:39   371,712   --a------   C:\Windows\System32\srcore.dll
2008-04-09 07:13 . 2008-02-29 08:38   313,856   --a------   C:\Windows\System32\rstrui.exe
2008-04-09 07:13 . 2008-02-29 08:39   40,960   --a------   C:\Windows\System32\srclient.dll
2008-04-09 07:13 . 2008-02-29 08:51   19,000   --a------   C:\Windows\System32\kd1394.dll
2008-04-09 07:13 . 2008-02-29 08:38   16,384   --a------   C:\Windows\System32\srdelayed.exe
2008-04-09 07:13 . 2008-02-29 08:34   7,168   --a------   C:\Windows\System32\f3ahvoas.dll
2008-04-09 07:13 . 2008-02-29 08:35   6,656   --a------   C:\Windows\System32\kbd106n.dll
2008-04-08 17:51 . 2008-04-08 17:51   <DIR>   d--------   C:\Automap
2008-04-08 16:38 . 2008-04-18 13:36   <DIR>   d--------   C:\Program Files\Cellmons
2008-04-07 18:19 . 2008-04-07 18:19   177   --a------   C:\ioSpecial.ini
2008-03-29 01:24 . 2008-03-29 01:24   <DIR>   d--------   C:\Users\Gość\AppData\Roaming\Adobe
2008-03-29 01:20 . 2008-03-29 01:20   <DIR>   d--------   C:\Users\Gość\AppData\Roaming\Mozilla
2008-03-29 01:20 . 2008-03-29 01:20   <DIR>   d--------   C:\Users\Gość\AppData\Roaming\Kamerzysta
2008-03-27 14:22 . 2008-03-27 14:22   <DIR>   d--------   C:\Users\kici\AppData\Roaming\Onet
2008-03-27 14:22 . 2008-03-27 14:22   <DIR>   d--------   C:\Users\kici\AppData\Roaming\MozillaControl
2008-03-27 14:22 . 2008-03-27 14:22   <DIR>   d--------   C:\Users\kici\AppData\Roaming\Listonosz
2008-03-24 08:49 . 2008-04-10 07:19   8,224   --a------   C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-03-24 00:10 . 2008-03-24 00:10   <DIR>   d--------   C:\Users\kici\AppData\Roaming\Ulead Systems
2008-03-24 00:05 . 2008-03-24 08:47   <DIR>   d--------   C:\Users\All Users\Ulead Systems
2008-03-24 00:05 . 2008-03-24 08:47   <DIR>   d--------   C:\ProgramData\Ulead Systems
2008-03-24 00:05 . 2008-03-24 00:05   <DIR>   d--------   C:\Program Files\Corel
2008-03-24 00:05 . 2008-03-24 00:08   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-03-23 23:59 . 2008-03-23 23:59   <DIR>   d--------   C:\Windows\Downloaded Installations
2008-03-21 18:58 . 2008-03-21 18:58   <DIR>   d--------   C:\Users\kici\AppData\Roaming\Raxso
2008-03-21 18:58 . 2008-03-21 18:58   <DIR>   d--------   C:\Program Files\Raxso
2008-03-21 18:41 . 2008-03-21 18:51   <DIR>   d--------   C:\Users\All Users\Protexis
2008-03-21 18:41 . 2008-03-21 18:51   <DIR>   d--------   C:\ProgramData\Protexis
2008-03-21 18:09 . 2008-03-21 18:09   <DIR>   d--------   C:\Program Files\Trend Micro
2008-03-18 15:52 . 2008-03-18 15:52   <DIR>   d--------   C:\Program Files\INTERIAPL

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 14:34   786,432   --sha-w   C:\Users\Gość\NTUSER.DAT
2008-04-18 14:34   786,432   --sha-w   C:\Users\Gość\NTUSER.DAT
2008-04-18 11:24   ---------   d-----w   C:\ProgramData\Symantec
2008-04-18 11:24   ---------   d-----w   C:\ProgramData\GamesBar
2008-04-18 11:20   ---------   d-----w   C:\Program Files\Tlen.pl
2008-04-17 18:41   ---------   d-----w   C:\Users\kici\AppData\Roaming\skypePM
2008-04-17 14:04   ---------   d-----w   C:\Program Files\Valve
2008-04-16 08:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-11 20:38   ---------   d-----w   C:\ProgramData\Skype
2008-04-09 10:23   ---------   d-----w   C:\ProgramData\Microsoft Help
2008-04-08 15:51   ---------   d-----w   C:\Program Files\Tibia
2008-04-07 18:10   ---------   d-----w   C:\Program Files\Common Files\Onet.pl
2008-04-07 16:13   ---------   d-----w   C:\Program Files\Yahoo!
2008-04-07 16:10   ---------   d-----w   C:\Program Files\sXe Injected
2008-04-06 07:15   ---------   d-----w   C:\Program Files\Launch Manager
2008-03-28 23:24   ---------   d-----w   C:\Users\Gość\AppData\Roaming\Adobe
2008-03-28 23:20   ---------   d-----w   C:\Users\Gość\AppData\Roaming\Mozilla
2008-03-28 23:20   ---------   d-----w   C:\Users\Gość\AppData\Roaming\Kamerzysta
2008-03-28 08:21   ---------   d-----w   C:\Program Files\Onet
2008-03-14 21:30   110   ----a-w   C:\Users\kici\AppData\Roaming\wklnhst.dat
2008-02-29 04:16   2,027,008   ----a-w   C:\Windows\System32\win32k.sys
2008-02-28 16:41   ---------   d-----w   C:\Users\kici\AppData\Roaming\Tlen.pl
2008-02-26 20:14   ---------   d-----w   C:\Program Files\BearShare
2008-02-26 12:47   ---------   d-----w   C:\Users\kici\AppData\Roaming\BearShare
2008-02-26 10:27   ---------   d-----w   C:\Program Files\BearShare Applications
2008-02-24 19:22   2,560   ----a-w   C:\Windows\_MSRSTRT.EXE
2008-02-23 16:55   ---------   d-----w   C:\Users\kici\AppData\Roaming\Tibia
2008-02-23 14:18   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-02-23 13:42   ---------   d-----w   C:\Users\kici\AppData\Roaming\Kamerzysta
2008-02-23 13:42   ---------   d-----w   C:\Users\kici\AppData\Roaming\AutoUpdate
2008-02-22 20:06   ---------   d-----w   C:\Users\Gość\AppData\Roaming\Macromedia
2008-02-22 20:06   ---------   d-----w   C:\Users\Gość\AppData\Roaming\ATI
2008-02-22 20:05   ---------   d-s---w   C:\Users\Gość\AppData\Roaming\Microsoft
2008-02-22 20:04   ---------   d-----w   C:\Users\Gość\AppData\Roaming\Identities
2008-02-22 13:58   ---------   d-----w   C:\Users\kici\AppData\Roaming\Talkback
2008-02-21 04:43   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-02-21 04:43   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-02-21 04:43   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43   296,448   ----a-w   C:\Windows\System32\gdi32.dll
2008-02-21 04:43   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-02-19 20:50   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-02-19 20:50   32   ----a-w   C:\ProgramData\ezsid.dat
2008-02-14 06:39   194,560   ----a-w   C:\Windows\System32\WebClnt.dll
2008-02-14 06:33   24,064   ----a-w   C:\Windows\System32\netcfg.exe
2008-02-14 06:33   22,016   ----a-w   C:\Windows\System32\netiougc.exe
2008-02-14 06:33   167,424   ----a-w   C:\Windows\System32\tcpipcfg.dll
2008-02-03 08:38   87,040   ----a-w   C:\Windows\System32\msoert2.dll
2008-02-03 08:38   49,664   ----a-w   C:\Windows\System32\csrsrv.dll
2008-02-03 08:38   39,424   ----a-w   C:\Windows\System32\ACCTRES.dll
2008-02-03 08:38   376,320   ----a-w   C:\Windows\System32\winsrv.dll
2008-02-03 08:38   205,824   ----a-w   C:\Windows\System32\msoeacct.dll
2008-02-03 08:36   86,016   ----a-w   C:\Windows\System32\icfupgd.dll
2008-02-03 08:36   61,952   ----a-w   C:\Windows\System32\cmifw.dll
2008-02-03 08:36   396,800   ----a-w   C:\Windows\System32\MPSSVC.dll
2008-02-03 08:36   392,192   ----a-w   C:\Windows\System32\FirewallAPI.dll
2008-02-03 08:36   374,456   ----a-w   C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-02-03 08:36   178,688   ----a-w   C:\Windows\System32\iphlpsvc.dll
2008-02-03 08:36   16,896   ----a-w   C:\Windows\System32\wfapigp.dll
2008-02-03 08:34   8,147,968   ----a-w   C:\Windows\System32\wmploc.DLL
2008-02-03 08:34   7,680   ----a-w   C:\Windows\System32\spwmp.dll
2008-02-03 08:34   4,096   ----a-w   C:\Windows\System32\dxmasf.dll
2008-02-03 08:34   2,048   ----a-w   C:\Windows\System32\msxml3r.dll
2008-02-03 08:34   1,191,936   ----a-w   C:\Windows\System32\msxml3.dll
2008-02-03 08:33   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
2008-02-03 08:33   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
2008-02-03 08:33   2,048   ----a-w   C:\Windows\System32\asferror.dll
2008-02-03 08:33   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
2008-02-03 08:32   84,480   ----a-w   C:\Windows\System32\INETRES.dll
2008-02-03 08:32   737,792   ----a-w   C:\Windows\System32\inetcomm.dll
2008-02-03 08:32   2,048   ----a-w   C:\Windows\System32\msxml6r.dll
2008-02-03 08:32   1,335,296   ----a-w   C:\Windows\System32\msxml6.dll
2008-02-03 08:31   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2008-02-03 08:29   788,992   ----a-w   C:\Windows\System32\rpcrt4.dll
2008-02-03 08:28   5,120   ----a-w   C:\Windows\System32\wmi.dll
2008-02-03 08:28   152,576   ----a-w   C:\Windows\System32\imagehlp.dll
2008-02-03 08:27   3,504,824   ----a-w   C:\Windows\System32\ntkrnlpa.exe
2008-02-03 08:27   3,470,520   ----a-w   C:\Windows\System32\ntoskrnl.exe
2008-02-03 08:27   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-02-03 08:26   750,080   ----a-w   C:\Windows\System32\qmgr.dll
2008-02-03 08:26   633,856   ----a-w   C:\Windows\System32\user32.dll
2008-02-01 23:23   53,080   ----a-w   C:\Windows\System32\wuauclt.exe
2008-02-01 23:23   43,352   ----a-w   C:\Windows\System32\wups2.dll
2008-02-01 23:23   1,712,984   ----a-w   C:\Windows\System32\wuaueng.dll
2008-02-01 23:23   1,524,224   ----a-w   C:\Windows\System32\wucltux.dll
2008-02-01 23:22   80,896   ----a-w   C:\Windows\System32\wudriver.dll
2008-02-01 23:22   549,720   ----a-w   C:\Windows\System32\wuapi.dll
2008-02-01 23:22   33,624   ----a-w   C:\Windows\System32\wups.dll
2008-02-01 23:22   31,232   ----a-w   C:\Windows\System32\wuapp.exe
2008-02-01 23:22   163,000   ----a-w   C:\Windows\System32\wuwebv.dll
2008-01-29 16:29   181,760   ----a-w   C:\Windows\System32\fsquirt.exe
2006-11-02 12:50   174   --sha-w   C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-03 10:31 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 21:28 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 14:34 1004136]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 10:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 17:42 457728]
"Acer Tour"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 06:44 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:42 22696]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 12:16 206952]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40 260096]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 22:08 95504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\Users\kici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bux.to Autoclicker.lnk - C:\Users\kici\Desktop\Bux.to Autoclicker\Bux.to Autoclicker.exe [2008-04-17 15:03:08 876544]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-06-02 22:46:26 535336]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2008-02-07 22:50:29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DD687045-C9FB-4EE3-9F4B-EDF0F5996149}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{577F3198-4CF2-4088-B1B8-CDA775F737A1}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{72D1FE72-0003-4B5B-9C50-AB6356467B9F}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{6C0AF82D-206F-4F0E-9CAE-AA43108FD970}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{055D1AE9-1458-4F65-91BC-5F99BD11A21B}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{E53333D8-5A67-49ED-9F5D-6932C59EF80B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D03477C3-CB4F-4548-96EE-C1A6EABEE069}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{81FE2214-5C80-4944-B5CD-8B1A06D1843A}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{6423FBE7-1DFF-4EAE-9F99-9A7DAC494757}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{E0743C2B-A7AB-41DE-80DD-894410749BE4}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{69795C1A-289F-45F0-B78D-19E807ACC9E0}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{845F2CC1-5437-442B-A724-1A2B75313AB2}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{89C86222-115A-4D98-8FEE-6B75C4EE2C86}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{6DE8B1B4-69B0-41D0-A6DC-C2914997AA72}C:\\program files\\wapster\\aqq\\aqq.exe"= UDP:C:\program files\wapster\aqq\aqq.exe:AQQ
"UDP Query User{42A63859-484C-4CB5-A7AE-3A4E03A3F896}C:\\program files\\wapster\\aqq\\aqq.exe"= TCP:C:\program files\wapster\aqq\aqq.exe:AQQ
"TCP Query User{5ACD0608-66A0-4C43-AB9E-26AE93F8575C}C:\\program files\\valve\\hlds.exe"= UDP:C:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{122E7EE2-4B4C-4953-AD93-04F5D4A5EBC8}C:\\program files\\valve\\hlds.exe"= TCP:C:\program files\valve\hlds.exe:HLDS Launcher
"TCP Query User{78A45DAC-CF72-4D8F-886B-7556F6919751}C:\\program files\\valve\\hlds.exe"= UDP:C:\program files\valve\hlds.exe:HLDS Launcher
"UDP Query User{4E8058CE-E0DE-4BA6-85A4-EE7D7AF7C47A}C:\\program files\\valve\\hlds.exe"= TCP:C:\program files\valve\hlds.exe:HLDS Launcher
"{31BEE067-382C-46A7-98E5-D1327D4153AE}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7974C522-F4E1-4FCD-A902-9F17001BC94B}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0C96D961-6B04-41FA-B174-BDA8F7367878}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{73AA0ED5-A98B-4F58-BE1C-215806EC44DD}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 17:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 17:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 17:43]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080415.002\IDSvix86.sys [2008-02-13 18:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 17:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 19:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 16:19]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-04-10 05:17]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:45]
S3 btwaudio;Urządzenie dźwiękowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-17 18:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:00:22 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - kici.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 16:40:22
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 16:41:37
ComboFix-quarantined-files.txt  2008-04-18 14:41:30

Pre-Run: 32,875,544,576 bajtów wolnych
Post-Run: 33,558,257,664 bajtów wolnych
.
2008-04-09 10:23:55   --- E O F --- 

Post by pp3088 » 18 Apr 2008, 18:13

Paste into Notepad:
File::
C:\plik.exe
C:\Windows\System32\winload.exe
C:\Windows\System32\rstrui.exe
C:\Windows\System32\srcore.dll
C:\Windows\System32\ci.dll
C:\Windows\System32\srclient.dll
C:\Windows\System32\kd1394.dll
C:\Windows\System32\srdelayed.exe
C:\Windows\System32\f3ahvoas.dll
C:\Windows\System32\kbd106n.dll


Folder::
C:\Users\kici\AppData\Roaming\MegauploadToolbar
C:\Program Files\MegauploadToolbar
C:\Program Files\BearShare Applications

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->
[image]
The removal should start and a log will be produced; post that log on the forum.
If everything goes well, after the restart delete the folder C:\Qoobox by hand.
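A sanity check a helper could run over a CFScript before dragging it onto ComboFix, added here as an example (it is not code from this thread or from ComboFix). It parses the File:: and Folder:: sections in the format shown above and flags every entry that sits under a constructed list of Windows system directories, which is exactly the class of entries (winload.exe, rstrui.exe, ...) whose deletion is reported later in this thread.

```python
import re

# Constructed list of directories a removal script should not touch on Vista.
# This is an example safe-list, not an exhaustive inventory of system files.
PROTECTED_PREFIXES = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\boot",
)

# A CFScript section header looks like "File::" or "Folder::" on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Parse CFScript text into {section_name: [entries]}; blank lines are ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def flag_protected(sections):
    """Return (section, path) pairs from File::/Folder:: that point into protected paths."""
    flagged = []
    for section in ("File", "Folder"):
        for path in sections.get(section, []):
            if path.lower().startswith(PROTECTED_PREFIXES):
                flagged.append((section, path))
    return flagged


# Constructed sample, modelled on the script posted in this thread.
SAMPLE = """File::
C:\\plik.exe
C:\\Windows\\System32\\winload.exe
C:\\Windows\\System32\\rstrui.exe

Folder::
C:\\Users\\kici\\AppData\\Roaming\\MegauploadToolbar
C:\\Program Files\\MegauploadToolbar
"""

if __name__ == "__main__":
    for section, path in flag_protected(parse_cfscript(SAMPLE)):
        print(f"REVIEW BEFORE RUNNING: {section}:: {path}")
```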

Post by bigbercik » 19 Apr 2008, 10:52

That log deleted my Windows files; I had to do a format, there was no other way out.

Post by huber2t » 19 Apr 2008, 10:57

Well, the moderator told you to delete the wrong files.
Too bad; let's hope there are as few such situations as possible.

Among others, "System32\winload.exe" is a system file; its name tells us what it is for.

Post by bigbercik » 19 Apr 2008, 11:07

If he doesn't know what to delete, he shouldn't touch it at all. I lost so many of my files, it's just a shame..

Post by pp3088 » 20 Apr 2008, 10:56

I'm very sorry. I realised too late that these logs are from Vista.

Once again, sorry :oops: .

Post by bigbercik » 21 Apr 2008, 10:11

No harm done, it's just that I have limits on Rapid and I had almost finished downloading Battlefield 2.