,strony internetowe wolno sie otwieraja,prosze o sprawdzenie mojego loga

[moxia]

strony internetowe wolno sie otwieraja,prosze wiec o sprawdzenie mojego loga,dziekuje

ComboFix 09-05-25.07 - mhj 2009-05-26 12:49.1 - NTFSx86Microsoft? Windows Vista? Home Premium   6.0.6001.1.1250.48.1045.18.3066.2093 [GMT 2:00]Uruchomiony z: c:\users\mhj\Desktop\ComboFix.exeSP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).D:\desktop.ini.(((((((((((((((((((((((((   Pliki utworzone od 2009-04-26 do 2009-05-26  ))))))))))))))))))))))))))))))).2009-05-26 10:55 . 2009-05-26 10:55	 --------		d-----w c:\users\mhj\AppData\Local\temp2009-05-26 10:55 . 2009-05-26 10:55	 --------		d-----w c:\users\hubert\AppData\Local\temp2009-05-26 10:29 . 2009-05-06 18:06	 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{66440E10-7F25-4AFC-848C-350E11BDA802}\mpengine.dll2009-05-24 19:24 . 2009-05-24 19:24	 --------		d-----w c:\program files\RocketDock2009-05-24 18:46 . 2009-05-24 18:46	 --------		d-----w c:\users\mhj\AppData\Local\Nero2009-05-24 10:41 . 2009-05-24 10:42	 --------		d-----w c:\program files\Picasa22009-05-22 17:32 . 2009-05-22 17:32	 --------		d-----w c:\program files\Rapid Express2009-05-22 10:07 . 2008-07-02 07:36	 819200  ----a-w c:\users\mhj\AppData\Roaming\Mozilla\Firefox\Profiles\f1rbk7e4.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll2009-05-09 22:38 . 2009-05-09 22:38	 --------		d-----w c:\program files\Activision2009-05-08 22:59 . 2009-05-08 22:59	 --------		d-----w c:\windows\system32\AGEIA2009-05-08 22:59 . 2009-05-09 20:54	 --------		d-----w c:\program files\AGEIA Technologies2009-05-08 22:59 . 2009-05-09 20:54	 --------		d-----w c:\program files\Common Files\Wise Installation Wizard2009-05-07 21:31 . 2009-05-07 21:31	 --------		d-----w c:\program files\WLAN_Software2009-05-07 21:31 . 2007-08-17 13:14	 891392  ----a-w c:\windows\system32\drivers\athrusb.sys2009-05-07 21:31 . 2009-05-07 21:31	 --------		d-----w c:\program files\AutoInstall2009-05-07 18:34 . 2009-05-07 18:34	 --------		d-----w c:\program files\Common Files\Adobe AIR2009-05-07 18:33 . 2009-05-07 18:33	 --------		d-----w c:\users\mhj\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12009-05-07 18:33 . 2009-05-07 18:33	 38208   ----a-w c:\users\mhj\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2009-05-04 11:05 . 2008-07-02 07:36	 819200  ----a-w c:\users\mhj\AppData\Roaming\Mozilla\Firefox\Profiles\f1rbk7e4.default\extensions\SignPlugin@bph.pl-trash\plugins\NPSignPlugin.dll2009-05-01 18:30 . 2009-05-01 18:30	 3366912 ----a-w c:\windows\system32\GPhotos.scr2009-04-28 18:13 . 2009-04-28 18:13	 --------		d-----w c:\program files\Photodex Presenter2009-04-28 18:13 . 2009-04-28 18:13	 --------		d-----w c:\program files\Photodex2009-04-28 18:13 . 2009-04-28 18:13	 --------		d-----w c:\users\mhj\AppData\Roaming\Photodex2009-04-28 18:08 . 2009-04-28 18:08	 --------		d-----w c:\users\mhj\AppData\Roaming\gtk-2.02009-04-28 18:06 . 2009-04-28 18:06	 --------		d-----w c:\users\mhj\.thumbnails2009-04-28 18:04 . 2009-05-08 21:37	 --------		d-----w c:\users\mhj\.gimp-2.62009-04-28 18:04 . 2009-04-28 18:04	 --------		d-----w c:\users\mhj\.gegl-0.02009-04-28 18:04 . 2009-04-28 18:04	 --------		d-----w c:\program files\GIMP-2.02009-04-26 21:01 . 2009-04-26 21:08	 --------		d-s---w c:\users\Public\Virtual CDs.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-05-26 10:32 . 2008-05-13 07:59	 698056  ----a-w c:\windows\system32\perfh015.dat2009-05-26 10:32 . 2008-05-13 07:59	 146632  ----a-w c:\windows\system32\perfc015.dat2009-05-26 10:26 . 2008-10-20 15:25	 72249   ----a-w c:\programdata\nvModes.dat2009-05-24 22:28 . 2008-10-20 15:27	 12	  ----a-w c:\windows\bthservsdp.dat2009-05-16 23:26 . 2008-10-22 17:37	 --------		d-----w c:\users\mhj\AppData\Roaming\Skype2009-05-16 22:02 . 2009-02-20 22:30	 --------		d-----w c:\users\mhj\AppData\Roaming\skypePM2009-05-16 22:00 . 2008-11-01 22:24	 --------		d-----w c:\program files\Winamp2009-05-16 21:57 . 2008-11-01 22:24	 --------		d-----w c:\users\mhj\AppData\Roaming\Winamp2009-05-16 09:21 . 2008-05-12 22:12	 --------		d-----w c:\programdata\Microsoft Help2009-05-16 09:19 . 2006-11-02 11:18	 --------		d-----w c:\program files\Windows Mail2009-05-09 19:59 . 2008-05-12 22:04	 --------		d--h--w c:\program files\InstallShield Installation Information2009-05-08 11:16 . 2009-02-13 11:47	 1010	----a-w c:\users\mhj\AppData\Roaming\wklnhst.dat2009-05-07 19:41 . 2009-02-28 18:53	 --------		d-----w c:\users\mhj\AppData\Roaming\Nowe Gadu-Gadu2009-05-07 17:56 . 2009-03-27 21:05	 --------		d-----w c:\users\mhj\AppData\Roaming\Any Video Converter2009-05-03 15:55 . 2009-04-09 18:27	 --------		d-----w c:\program files\SopCast2009-04-25 17:12 . 2009-04-25 17:12	 2560	----a-w c:\windows\_MSRSTRT.EXE2009-04-24 21:47 . 2009-03-03 23:32	 --------		d-----w c:\users\mhj\AppData\Roaming\GuiltyGearIsukaNA2009-04-22 20:18 . 2009-04-22 20:14	 --------		d-----w c:\users\mhj\AppData\Roaming\MozillaControl2009-04-19 09:58 . 2009-04-19 09:58	 --------		d-----w c:\programdata\Synetic2009-04-17 21:26 . 2009-04-17 21:24	 --------		d-----w c:\program files\Spyware Doctor2009-04-17 21:25 . 2009-04-17 21:24	 --------		d-----w c:\program files\Common Files\PC Tools2009-04-17 21:24 . 2009-04-17 21:24	 --------		d-----w c:\users\mhj\AppData\Roaming\PC Tools2009-04-17 21:24 . 2009-04-17 21:24	 --------		d-----w c:\programdata\PC Tools2009-04-17 21:21 . 2009-04-15 21:22	 --------		d-----w c:\users\mhj\AppData\Roaming\Simply Super Software2009-04-15 21:22 . 2009-04-15 21:22	 --------		d-----w c:\programdata\Simply Super Software2009-04-11 17:54 . 2009-04-11 17:54	 --------		d-----w c:\programdata\Electronic Arts2009-04-11 17:52 . 2009-04-11 17:52	 1280	----a-w c:\windows\system32\ealregsnapshot1.reg2009-04-10 22:01 . 2008-10-29 21:25	 --------		d-----w c:\program files\Common Files\Adobe2009-04-08 18:57 . 2009-04-08 18:57	 --------		d-----w c:\program files\ESET2009-04-08 18:27 . 2008-05-12 22:09	 --------		d-----w c:\programdata\McAfee2009-04-08 16:48 . 2009-04-08 16:48	 781656  ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2009-04-05 14:28 . 2009-04-05 12:14	 --------		d-----w c:\users\mhj\AppData\Roaming\PC Suite2009-04-05 14:28 . 2009-04-05 14:23	 --------		d-----w c:\users\mhj\AppData\Roaming\Nokia2009-03-29 19:34 . 2008-05-12 22:16	 --------		d-----w c:\program files\Acer GameZone2009-03-29 19:29 . 2009-02-28 09:24	 --------		d-----w c:\program files\Games2009-03-28 13:30 . 2009-03-28 13:30	 --------		d-----w c:\program files\SpeedFan2009-03-27 21:05 . 2009-03-27 21:05	 --------		d-----w c:\program files\Any Video Converter2009-03-19 09:45 . 2009-03-19 09:45	 93312   ----a-w c:\windows\system32\drivers\epfwwfpr.sys2009-03-19 09:44 . 2009-03-19 09:44	 107256  ----a-w c:\windows\system32\drivers\ehdrv.sys2009-03-19 09:41 . 2009-03-19 09:41	 113960  ----a-w c:\windows\system32\drivers\eamon.sys2009-03-17 03:38 . 2009-04-14 20:30	 13824   ----a-w c:\windows\system32\apilogen.dll2009-03-17 03:38 . 2009-04-14 20:30	 24064   ----a-w c:\windows\system32\amxread.dll2009-03-06 14:45 . 2009-04-17 21:24	 130424  ----a-w c:\windows\system32\drivers\PCTCore.sys2009-03-03 04:46 . 2009-04-14 20:30	 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe2009-03-03 04:46 . 2009-04-14 20:30	 3547632 ----a-w c:\windows\system32\ntoskrnl.exe2009-03-03 04:40 . 2009-04-14 20:30	 827392  ----a-w c:\windows\system32\wininet.dll2009-03-03 04:39 . 2009-04-14 20:30	 183296  ----a-w c:\windows\system32\sdohlp.dll2009-03-03 04:39 . 2009-04-14 20:30	 551424  ----a-w c:\windows\system32\rpcss.dll2009-03-03 04:39 . 2009-04-14 20:30	 26112   ----a-w c:\windows\system32\printfilterpipelineprxy.dll2009-03-03 04:37 . 2009-04-14 20:30	 78336   ----a-w c:\windows\system32\ieencode.dll2009-03-03 04:37 . 2009-04-14 20:30	 98304   ----a-w c:\windows\system32\iasrecst.dll2009-03-03 04:37 . 2009-04-14 20:30	 54784   ----a-w c:\windows\system32\iasads.dll2009-03-03 04:37 . 2009-04-14 20:30	 44032   ----a-w c:\windows\system32\iasdatastore.dll2009-03-03 03:04 . 2009-04-14 20:30	 666624  ----a-w c:\windows\system32\printfilterpipelinesvc.exe2009-03-03 02:38 . 2009-04-14 20:30	 17408   ----a-w c:\windows\system32\iashost.exe2009-03-03 02:28 . 2009-04-14 20:30	 26624   ----a-w c:\windows\system32\ieUnatt.exe2009-03-01 20:47 . 2009-03-01 20:47	 65536   ----a-w c:\windows\IFinst27.exe2009-02-27 18:57 . 2009-01-11 22:39	 410984  ----a-w c:\windows\system32\deploytk.dll2008-10-21 07:09 . 2008-10-21 07:09	 8192	--sha-w c:\windows\Users\Default\NTUSER.DAT.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2008-03-04 21:38		121392  ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2009-05-07 40960]c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-11 752168][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service"[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnkbackup=c:\windows\pss\Acer VCM.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^Users^mhj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FullSpeed Updater.exe]path=c:\users\mhj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FullSpeed Updater.exebackup=c:\windows\pss\FullSpeed Updater.exe.StartupbackupExtension=.Startup[HKLM\~\startupfolder\C:^Users^mhj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]path=c:\users\mhj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnkbackup=c:\windows\pss\hamachi.lnk.StartupbackupExtension=.Startup[HKLM\~\startupfolder\C:^Users^mhj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]path=c:\users\mhj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkbackup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.StartupbackupExtension=.Startup[HKLM\~\startupfolder\C:^Users^mhj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinFlip.lnk]path=c:\users\mhj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinFlip.lnkbackup=c:\windows\pss\WinFlip.lnk.StartupbackupExtension=.Startup[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{B99099F2-6AB4-470B-BB34-627F760ACC3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{13843936-FA99-4DD3-B4A7-7A63787BA8BF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{21F46B6E-FC2F-449C-B43E-2604000C9531}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe"{8DBC28F5-63E8-4612-BB44-D6079EF3A713}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe"{C3DE6CC8-F9A7-438A-B0C4-1408C77B0912}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe"{E0AFF092-7ECD-4707-973E-DDF6E0EC8700}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe"{49E91D78-C8A7-4C2D-BA66-536C05D6FF66}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe"{13BAA624-DE4B-4DB5-B333-9AC10925CE65}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe"{E99D42EF-F334-4F03-BA60-3EB3BB7AB355}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector"{175DFBF2-B9A2-44F0-B5E2-D659B6EC7713}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM"{752F2675-72A6-4790-9CB7-CC7AA8E93CD6}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe"{284D9E0E-C5C4-483D-90F8-D9AB961FDC1D}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie"{DAF64083-8D28-4557-B178-8B7437F68CBF}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program"{8B2CCD95-5337-4B9F-8097-467A0152C7CE}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia"{7C71EEFC-7232-4E42-8947-E5B0D440F5ED}"= c:\program files\Skype\Phone\Skype.exe:Skype"{76B75939-3D99-4271-9234-60B7E4C87385}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{506E3E13-7D90-45C7-B03B-1CE7DAF05E2B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{EE229D28-1F88-4973-90BD-63721E986CF1}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{36DD7CC7-7A98-4D10-97BC-120461386EB7}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{9FB7E6E0-6715-415F-8B12-FDE1DD81DC33}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR"{7C50A593-C112-4AF2-92D2-5EE4B0F79BB2}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR"{5DEE05A2-E53F-44A2-83E5-92C1CA3A71D4}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{90AB2835-5515-4FFE-BDA8-443A9BE209D5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{D5628F8B-6EB0-4AFD-B2D1-C7C1C83C399F}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club"{C837CAB8-2EAB-412E-AC87-32EF170AB25B}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club"{EACC4CF6-F0F3-4AE2-96E1-988104FB7BBB}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV"{B08DFFF0-4F2C-4F41-92DB-1FBBF0CF342C}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV"{6CAAEEB2-469C-4609-979C-33DD94B806FC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA"{B310A08F-52A2-4A2D-BB35-AFA80D698C06}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA"{734F873B-3547-41F6-B87F-B5CC50F6DCD8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB"{DEEBF466-6589-4AFC-B086-4EAB7251E1E7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB"TCP Query User{3C2EFFF8-5516-49D1-90C9-E7E71EC30602}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary"UDP Query User{1B80932B-B71D-4935-8232-9531AEF2CB53}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary"TCP Query User{5C346DA4-10F4-4B1D-B7D1-B71DC6711C9E}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary"UDP Query User{733D4438-51C4-4EB1-9F4D-065C4316C9C6}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary"TCP Query User{A3DE7DDB-0607-4D61-B0C5-DC738C8D51DE}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application"UDP Query User{5916E419-3A83-49A9-AD10-8C9A2E357D71}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application"TCP Query User{ED62B76B-3449-488F-BC8A-BC88DCF86294}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver"UDP Query User{FD7C5093-7A22-4D5D-8775-403947356181}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver"TCP Query User{E9352B61-1FAF-4DC6-A77C-523E9368A190}c:\\program files\\saints row 2\\sr2_pc.exe"= UDP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc"UDP Query User{8BAFD750-ED70-4B65-A392-D94E830C9163}c:\\program files\\saints row 2\\sr2_pc.exe"= TCP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc"TCP Query User{CCD955E1-2DC7-40EC-975C-4D0D274800E7}d:\\tempo\\goalserver2009kp\\stun-server-0-96.exe"= UDP:d:\tempo\goalserver2009kp\stun-server-0-96.exe:stun-server-0-96"UDP Query User{20502415-D9A8-47F8-B40E-67EDE7912DF8}d:\\tempo\\goalserver2009kp\\stun-server-0-96.exe"= TCP:d:\tempo\goalserver2009kp\stun-server-0-96.exe:stun-server-0-96"TCP Query User{F51C9C28-24C4-4353-A32F-C8617F321B4F}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009"UDP Query User{8C655874-98F2-4358-B5E1-43BE90FDCB93}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009"TCP Query User{48FF5CFD-C42D-47ED-B4C9-78A679257570}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java Platform SE binary"UDP Query User{66EA2AD2-2808-4CAE-A535-1952BFEBC656}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java Platform SE binary"{A5B0F1D0-1291-4635-AF41-721D1E52D51A}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service"{A6DFA41C-E56A-47F4-9550-F6CDCB01A183}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service"TCP Query User{A508067F-003F-4EE4-A829-0F625E22F5F0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"UDP Query User{9A5396CA-52DE-4228-A123-333D79C2BEE2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"{68F15A04-1049-482D-9362-4F38F0FA6DCD}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine"{66766C44-479C-4EC6-8A40-D3E0E63E9637}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - WolverineR0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2009-04-17 130424]R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-03-19 107256]R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\[u]0[/u]00.fcl [2008-10-20 17:53 61424]R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-20 81504]R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-03-19 93312]R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-13 24576]R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-10-20 122368]R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-10-20 233472]R3 NETw5v32;Sterownik karty Intel® Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-10-21 3658752]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-09-24 45600]S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [2009-05-07 891392]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-01-21 179712]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-11-14 29736]S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-29 33752]S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-17 348752]S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\mhj\Desktop\APLIKACJE\teperatura\WinRing0.sys [2009-03-14 14416]S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-10-20 75776]--- Inne Usługi/Sterowniki w Pamięci ---*Deregistered* - sptd[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bthsvcs REG_MULTI_SZ	BthServ.Zawartość folderu 'Zaplanowane zadania'2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-841358846-551305231-668691147-1000.job- c:\users\mhj\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 20:49].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-WebAccelerator - (no file)SafeBoot-procexp90.Sys.------- Skan uzupełniający -------.uStart Page = hxxp://google.atcomet.com/m/uDefault_Search_URL = hxxp://www.google.com/iemStart Page = hxxp://pl.intl.acer.yahoo.comuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: {EFB90487-D593-4AB5-81AE-CA7353F11D08} = 62.179.1.60,62.179.1.61DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\users\mhj\AppData\Roaming\Mozilla\Firefox\Profiles\f1rbk7e4.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dllFF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - plugin: c:\program files\Google\Picasa3\npPicasa2.dllFF - plugin: c:\program files\Google\Picasa3\npPicasa3.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Picasa2\npPicasa2.dllFF - plugin: c:\users\mhj\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dllFF - plugin: c:\users\mhj\AppData\Roaming\Mozilla\Firefox\Profiles\f1rbk7e4.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dllFF - plugin: c:\users\mhj\AppData\Roaming\Mozilla\plugins\npPxPlay.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-26 12:55Windows 6.0.6001 Service Pack 1 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\[u]0[/u]00.fcl".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-841358846-551305231-668691147-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F395B2C-1A09-B07D-ECEE-64AB7F11913B}*]"iapdmhbjgblmflhoob"=hex:6a,61,66,67,6e,66,6b,6b,6d,6d,6f,61,62,70,6f,66,6f,66,   66,63,00,04"hanccgppfhoacade"=hex:6a,61,66,67,6e,66,6b,6b,6d,6d,6f,61,62,70,6f,66,6f,66,   66,63,00,01[HKEY_USERS\S-1-5-21-841358846-551305231-668691147-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]@Allowed: (Read) (RestrictedCode)"??"=hex:4e,e8,dd,81,a4,eb,72,7a,ea,1b,2f,f4,b0,75,1c,f7,9e,69,83,00,7b,19,7e,   df,6c,80,8c,06,c0,d9,22,4e,9e,1c,74,d5,fd,72,b4,52,34,11,31,03,1f,58,d9,bd,\"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49[HKEY_USERS\S-1-5-21-841358846-551305231-668691147-1000\Software\SecuROM\License information*]"datasecu"=hex:11,a8,42,14,e0,1f,a3,e8,e3,af,f0,0d,e0,f6,08,43,0e,a7,8d,b6,b6,   67,2c,0e,ff,9a,d8,e4,44,e2,86,93,70,92,7a,75,a2,5a,0b,5f,87,3f,7c,55,b0,3a,\"rkeysecu"=hex:ec,1a,d0,5f,4c,ac,44,c3,1f,76,5d,52,24,8b,f2,57[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.Czas ukończenia: 2009-05-26 12:57ComboFix-quarantined-files.txt  2009-05-26 10:57Przed: 93 031 690 240 bajtów wolnychPo: 94 961 369 088 bajtów wolnychCurrent=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6323	 --- E O F ---   2009-05-26 10:29

[Gość]

Log jest czysty.

1. Posprzątaj po ComboFixie i różnych narzędziach >>> OTCleanIt.

2. Użyj programu Malwarebytes' Anti-Malware i daj z niego raport.

.

[moxia]

raport z Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.37Wersja bazy definicji: 2184Windows 6.0.6001 Service Pack 12009-05-27 13:09:38skanowanieTyp skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)Przeskanowane obiekty: 213402Upłynęło: 2 hour(s), 28 minute(s), 11 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 4Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 0Zainfekowane foldery: 0Zainfekowane pliki: 1Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> No action taken.HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> No action taken.Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:(Nie wykryto groźnych plików)Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:C:\Windows\System32\GnucDNA.dll (Adware.WhenUSave) -> No action taken.

[Gość]

Usunąłeś to co znalazł Malwarebytes? Bo w raporcie jakoś nie widzę, żeby coś usuwał.

.

[moxia]

nie nic nie usunolem,zona tylko zapisala mi ten raport bo wczoraj spieszylem sie juz do pracy,a mam to usunac co znajdzie ten Malwarebytes?,a moge to usunac recznie?

Edytowane 28 maja 2009 przez moxia

[Gość]

No niestety, najlepiej by było żeby MBAM to usunął.

.

[moxia]

ok zrobie jeszcze raz skana i usune,jutro dam znow znac

ok usunolem,prosze raport z MBAM

Malwarebytes' Anti-Malware 1.37Wersja bazy definicji: 2193Windows 6.0.6001 Service Pack 12009-05-30 01:32:56mbam-log-2009-05-30 (01-32-56).txtTyp skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)Przeskanowane obiekty: 213886Upłynęło: 2 hour(s), 24 minute(s), 16 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 4Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 0Zainfekowane foldery: 0Zainfekowane pliki: 1Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:(Nie wykryto groźnych plików)Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:C:\Windows\System32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.

[Gość]

No i w porządku.

.

[moxia]

co mam zrobic z tym MBAM bo av juz mam noda,nie beda sie gryzly?czy nie zaszkodzi zostawic sobie ten program?bo gdy wirusy sa w kwarantannie to rozumiem ze programu nie moge sie teraz pozbyc,a co do stron to np onet dalej dlugo sie laduje i brakuje prawie wszystkich zdjec,od razu powiem ze mam flasha,czasem inne strony tez dlugo sie laduja a czaem trwa to doslownie ulamek sekundy,mam internet 10 mb wiec wydaje mi sie ze wszystkie powinny sie tak szybko otwierac,transfer przy sciaganiu sie zgadza,robilem ten speed test i tez jest ok,wiec gdzie moze lezec problem masz jeszcze jakis pomysl?

[Gość]

MBAM to skaner, nie AV.

Nie zaszkodzi, nie będą się gryzły.

Kwarantanne MBAMa można opróżnić.

.

[moxia]

pokaze ci jak wyglada sprawa z tym onetemwyraznie brakuje zdjec i pasek ten prawym dolnym rogu dlugo sie laduje co to moze byc,dlaczego tak sie dzieje?

Edytowane 30 maja 2009 przez moxia

[Gość]

Przeinstaluj FF.

Przeczyść komputer CCleanerem.

I zainstaluj jeszcze raz FF.

.

[moxia]

niestety nie pomoglo,mysle ze to nie wina przegladarki bo na IE i chromie mam to samo,kurcze co to moze byc,zauwazylem ze dzieje sie tak od kiedy zmienilem operatora i przezucilem sie na internet bezprzewodowy i router,moze tu cos