PCLab.pl Forum: problem with the lvvm.exe process, how to block or remove it - PCLab.pl Forum


#1 pawulon83

  • Discussant
  • Group: Forum members
  • Posts: 11
  • Joined: Wed, 09 Mar 11

Posted 07 February 2012 - 18:32

Hello, I recently installed the service packs on 32-bit Vista. Unfortunately, along with them came unidentified processes that start with Windows: lvvm.exe, bed.exe and a few others. Another symptom is that a proxy gets set automatically at startup. I tried removing them from autostart, but that did not help. Any better solutions?

Here is the ComboFix log:
ComboFix 08-11-23.02 - pawulon 2012-02-07 17:33:32.6 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.1.1045.18.1321 [GMT 1:00]
Uruchomiony z: c:\users\pawulon\Documents\ComboFix.exe
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\perf.ini

.
((((((((((((((((((((((((( Pliki utworzone od 2012-01-07 do 2012-02-07 )))))))))))))))))))))))))))))))
.

2012-02-07 17:32 . 2012-02-07 17:32 <DIR> d-------- C:\32788R22FWJFW
2012-02-06 16:45 . 2012-02-06 16:45 <DIR> d-------- c:\program files\LogMeIn Hamachi
2012-02-06 16:45 . 2009-03-18 16:35 26,176 --ah----- c:\windows\System32\hamachi.sys
2012-01-25 21:15 . 2011-11-16 17:21 1,259,008 --a------ c:\windows\System32\lsasrv.dll
2012-01-25 21:15 . 2011-11-17 07:48 440,192 --a------ c:\windows\System32\drivers\ksecdd.sys
2012-01-25 21:15 . 2011-11-16 17:23 377,344 --a------ c:\windows\System32\winhttp.dll
2012-01-25 21:15 . 2011-11-16 17:23 278,528 --a------ c:\windows\System32\schannel.dll
2012-01-25 21:15 . 2011-11-16 17:23 72,704 --a------ c:\windows\System32\secur32.dll
2012-01-25 21:15 . 2011-11-16 15:12 9,728 --a------ c:\windows\System32\lsass.exe
2012-01-24 19:54 . 2011-03-12 22:55 876,032 --a------ c:\windows\System32\XpsPrint.dll
2012-01-24 18:01 . 2012-01-24 18:01 <DIR> d-------- c:\program files\Windows Portable Devices
2012-01-24 17:46 . 2012-01-24 17:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2012-01-24 17:46 . 2012-01-24 17:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2012-01-24 00:07 . 2009-09-10 03:01 3,023,360 --a------ c:\windows\System32\UIRibbon.dll
2012-01-24 00:07 . 2009-09-10 03:00 1,164,800 --a------ c:\windows\System32\UIRibbonRes.dll
2012-01-24 00:07 . 2009-09-10 03:00 92,672 --a------ c:\windows\System32\UIAnimation.dll
2012-01-24 00:06 . 2009-09-25 03:10 974,848 --a------ c:\windows\System32\WindowsCodecs.dll
2012-01-24 00:06 . 2009-09-25 02:31 519,680 --a------ c:\windows\System32\d3d11.dll
2012-01-24 00:06 . 2009-09-25 02:33 369,664 --a------ c:\windows\System32\WMPhoto.dll
2012-01-24 00:06 . 2009-09-25 03:04 321,024 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2012-01-24 00:06 . 2009-09-25 02:32 252,928 --a------ c:\windows\System32\dxdiag.exe
2012-01-24 00:06 . 2009-09-25 02:33 195,584 --a------ c:\windows\System32\dxdiagn.dll
2012-01-24 00:06 . 2009-09-25 03:07 189,440 --a------ c:\windows\System32\WindowsCodecsExt.dll
2012-01-23 22:50 . 2011-10-27 09:01 3,602,816 --a------ c:\windows\System32\ntkrnlpa.exe
2012-01-23 22:49 . 2011-01-20 15:28 1,554,432 --a------ c:\windows\System32\xpsservices.dll
2012-01-23 22:47 . 2010-05-04 20:13 231,424 --a------ c:\windows\System32\msshsq.dll
2012-01-23 19:31 . 2012-01-23 19:32 <DIR> d-------- c:\windows\System32\vi-VN
2012-01-23 19:31 . 2012-01-23 19:32 <DIR> d-------- c:\windows\System32\eu-ES
2012-01-23 19:31 . 2012-01-23 19:32 <DIR> d-------- c:\windows\System32\ca-ES
2012-01-23 19:31 . 2012-01-23 19:31 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2012-01-23 19:30 . 2012-01-23 19:30 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2012-01-23 19:09 . 2012-01-23 19:09 <DIR> d-------- c:\windows\System32\EventProviders
2012-01-23 18:09 . 2011-03-03 14:35 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2012-01-23 18:09 . 2011-03-03 16:40 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2012-01-23 17:51 . 2012-01-23 17:51 280,064 --a------ c:\users\pawulon\AppData\Roaming\firefox.exe
2012-01-23 17:50 . 2012-02-07 16:54 <DIR> d-------- c:\users\pawulon\AppData\Roaming\FA1FD
2012-01-22 23:26 . 2007-11-08 10:04 11,967,524 --a------ c:\windows\System32\korwbrkr.lex
2012-01-22 23:26 . 2008-05-27 05:59 18,904 --a------ c:\windows\System32\StructuredQuerySchemaTrivial.bin
2012-01-22 23:17 . 2009-11-08 10:55 1,130,824 --a------ c:\windows\System32\dfshim.dll
2012-01-22 23:17 . 2009-11-08 10:55 297,808 --a------ c:\windows\System32\mscoree.dll
2012-01-22 23:17 . 2009-11-08 10:55 295,264 --a------ c:\windows\System32\PresentationHost.exe
2012-01-22 23:17 . 2009-11-08 10:55 99,176 --a------ c:\windows\System32\PresentationHostProxy.dll
2012-01-22 23:17 . 2009-11-08 10:55 49,472 --a------ c:\windows\System32\netfxperf.dll
2012-01-22 23:12 . 2009-10-09 22:56 2,048 --a------ c:\windows\System32\winrsmgr.dll
2012-01-22 18:18 . 2012-02-07 17:24 <DIR> d-------- c:\users\pawulon\AppData\Roaming\CC5FA
2012-01-22 18:18 . 2012-01-23 17:52 <DIR> d-------- c:\program files\LP
2012-01-22 18:18 . 2012-01-22 18:18 <DIR> d-------- c:\program files\FA1FD
2012-01-22 17:51 . 2012-02-07 17:20 <DIR> d-------- c:\users\pawulon\AppData\Roaming\VshareComplete
2012-01-22 17:51 . 2012-01-22 17:51 <DIR> d-------- c:\program files\VshareComplete
2012-01-22 17:51 . 2012-01-22 17:51 <DIR> d-------- c:\program files\StartSearch plugin
2012-01-22 13:13 . 2009-04-11 06:03 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2012-01-22 13:13 . 2009-04-11 07:28 36,864 ---hs---- c:\users\pawulon\AppData\Roaming\FC6056.exe
2012-01-22 13:12 . 2009-04-11 07:28 6,103,040 --a------ c:\windows\System32\chtbrkr.dll
2012-01-22 13:11 . 2009-04-11 07:28 705,536 --a------ c:\windows\System32\SmiEngine.dll
2012-01-22 13:11 . 2009-04-11 07:28 218,624 --a------ c:\windows\System32\wdscore.dll
2012-01-22 13:11 . 2009-04-11 07:27 130,560 --a------ c:\windows\System32\PkgMgr.exe
2012-01-22 13:10 . 2009-04-11 07:28 247,808 --a------ c:\windows\System32\drvstore.dll
2012-01-22 12:36 . 2010-09-13 14:56 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2012-01-22 12:36 . 2010-04-16 17:46 502,272 --a------ c:\windows\System32\usp10.dll
2012-01-22 12:36 . 2010-09-06 17:20 125,952 --a------ c:\windows\System32\srvsvc.dll
2012-01-22 12:36 . 2010-09-06 17:19 17,920 --a------ c:\windows\System32\netevent.dll
2012-01-22 12:34 . 2010-08-26 17:34 1,696,256 --a------ c:\windows\System32\gameux.dll
2012-01-22 12:34 . 2010-06-28 18:00 1,316,864 --a------ c:\windows\System32\ole32.dll
2012-01-22 12:34 . 2010-12-14 15:49 1,169,408 --a------ c:\windows\System32\sdclt.exe
2012-01-22 12:34 . 2011-04-21 14:58 273,408 --a------ c:\windows\System32\drivers\afd.sys
2012-01-22 12:34 . 2010-08-26 17:37 157,184 --a------ c:\windows\System32\t2embed.dll
2012-01-22 12:34 . 2011-04-29 14:25 146,432 --a------ c:\windows\System32\drivers\srv2.sys
2012-01-22 12:34 . 2010-08-17 15:11 128,000 --a------ c:\windows\System32\spoolsv.exe
2012-01-22 12:34 . 2011-04-29 14:25 102,400 --a------ c:\windows\System32\drivers\srvnet.sys
2012-01-22 12:34 . 2011-03-02 16:44 86,528 --a------ c:\windows\System32\dnsrslvr.dll
2012-01-22 12:34 . 2010-04-05 18:01 67,072 --a------ c:\windows\System32\asycfilt.dll
2012-01-22 12:34 . 2009-05-04 10:59 25,088 --a------ c:\windows\System32\dnscacheugc.exe
2012-01-22 12:33 . 2010-08-31 16:46 954,752 --a------ c:\windows\System32\mfc40.dll
2012-01-22 12:33 . 2010-08-31 16:46 954,288 --a------ c:\windows\System32\mfc40u.dll
2012-01-22 12:33 . 2010-08-20 17:05 867,328 --a------ c:\windows\System32\wmpmde.dll
2012-01-22 12:33 . 2011-02-17 07:23 420,864 --a------ c:\windows\System32\vbscript.dll
2012-01-22 12:33 . 2010-04-05 18:02 317,952 --a------ c:\windows\System32\MP4SDECD.DLL
2012-01-22 12:33 . 2010-06-18 18:31 36,864 --a------ c:\windows\System32\rtutils.dll
2012-01-22 12:32 . 2010-12-29 19:28 322,560 --a------ c:\windows\System32\sbe.dll
2012-01-22 12:32 . 2010-12-29 19:26 177,664 --a------ c:\windows\System32\mpg2splt.ax
2012-01-22 12:32 . 2010-12-29 19:28 153,088 --a------ c:\windows\System32\sbeio.dll
2012-01-22 12:30 . 2010-06-11 17:15 1,248,768 --a------ c:\windows\System32\msxml3.dll
2012-01-22 12:30 . 2011-05-02 18:16 739,328 --a------ c:\windows\System32\inetcomm.dll
2012-01-22 12:30 . 2010-11-04 19:55 601,600 --a------ c:\windows\System32\schedsvc.dll
2012-01-22 12:30 . 2010-11-04 19:55 352,768 --a------ c:\windows\System32\taskschd.dll
2012-01-22 12:30 . 2010-11-04 19:56 345,600 --a------ c:\windows\System32\wmicmiplugin.dll
2012-01-22 12:30 . 2010-11-04 19:55 270,336 --a------ c:\windows\System32\taskcomp.dll
2012-01-22 12:30 . 2010-11-04 17:34 171,520 --a------ c:\windows\System32\taskeng.exe
2012-01-22 12:30 . 2010-10-18 14:37 81,920 --a------ c:\windows\System32\consent.exe
2012-01-22 12:29 . 2010-12-17 16:45 2,067,968 --a------ c:\windows\System32\mstscax.dll
2012-01-22 12:29 . 2010-12-17 14:54 677,888 --a------ c:\windows\System32\mstsc.exe
2012-01-22 12:29 . 2010-08-31 16:44 531,968 --a------ c:\windows\System32\comctl32.dll
2012-01-22 12:29 . 2009-04-11 07:28 63,488 --a------ c:\windows\System32\tscupgrd.exe
2012-01-21 23:00 . 2012-01-23 20:01 281,656 --a------ c:\windows\System32\PnkBstrB.xtr
2012-01-21 18:21 . 2012-01-21 18:21 <DIR> d-------- C:\PerfLogs
2012-01-21 17:34 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2012-01-21 17:34 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2012-01-21 17:33 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2012-01-21 17:24 . 2008-01-18 21:31 8,322,048 --a------ c:\windows\System32\spwizimg.dll
2012-01-21 17:24 . 2008-01-18 23:33 33,280 ---hs---- c:\users\pawulon\AppData\Roaming\csrss.exe
2012-01-21 17:19 . 2012-01-21 18:00 196,608 --a------ c:\windows\SPInstall.etl
2012-01-21 16:41 . 2012-01-23 20:01 141,200 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2012-01-21 16:41 . 2012-01-21 16:41 138,056 --a------ c:\users\pawulon\AppData\Roaming\PnkBstrK.sys
2012-01-21 16:40 . 2012-01-23 20:01 281,656 --a------ c:\windows\System32\PnkBstrB.exe
2012-01-21 16:40 . 2012-01-23 19:53 281,200 --a------ c:\windows\System32\PnkBstrB.ex0
2012-01-21 16:40 . 2012-01-21 16:40 75,136 --a------ c:\windows\System32\PnkBstrA.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 16:30 --------- d-----w c:\users\pawulon\AppData\Roaming\Winamp
2012-02-07 16:30 --------- d-----w c:\users\pawulon\AppData\Roaming\Media Player Classic
2012-02-07 16:30 --------- d-----w c:\programdata\Spybot - Search & Destroy
2012-02-06 20:29 --------- d-----w c:\program files\Steam
2012-01-24 17:00 --------- d-----w c:\program files\Windows Mail
2012-01-23 18:32 --------- d-----w c:\program files\Windows Sidebar
2012-01-23 18:32 --------- d-----w c:\program files\Windows Photo Gallery
2012-01-23 18:32 --------- d-----w c:\program files\Windows Defender
2012-01-23 18:32 --------- d-----w c:\program files\Windows Collaboration
2012-01-23 18:32 --------- d-----w c:\program files\Windows Calendar
2012-01-23 16:55 --------- d-----w c:\program files\Microsoft.NET
2012-01-21 17:28 174 --sha-w c:\program files\desktop.ini
2012-01-21 17:11 82,432 ----a-w c:\windows\System32\axaltocm.dll
2012-01-21 17:11 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2012-01-21 14:07 --------- d-----w c:\program files\JDownloader
2012-01-07 10:06 --------- d-----w c:\program files\Common Files\Steam
2011-12-22 19:27 --------- d-----w c:\users\pawulon\AppData\Roaming\Sports Interactive
2011-12-16 17:01 --------- d-----w c:\programdata\Microsoft Help
2011-12-09 17:06 --------- d-----w c:\programdata\VistaCodecs
2011-11-25 15:59 376,320 ----a-w c:\windows\System32\winsrv.dll
2011-11-23 13:37 2,043,904 ----a-w c:\windows\System32\win32k.sys
2011-11-18 20:23 1,205,064 ----a-w c:\windows\System32\ntdll.dll
2011-11-18 17:47 66,560 ----a-w c:\windows\System32\packager.dll
2011-11-15 13:29 222,080 ------w c:\windows\System32\MpSigStub.exe
2011-11-08 14:42 2,048 ----a-w c:\windows\System32\tzres.dll
2011-05-02 18:23 56 ---ha-w c:\users\All Users\ezsidmv.dat
2011-05-02 18:23 56 ---ha-w c:\programdata\ezsidmv.dat
2011-08-21 20:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082120110822\index.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-09-22 17:58 177712 --a------ c:\program files\StartSearch plugin\BarLcher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\StartSearch plugin\BarLcher.dll" [2011-09-22 177712]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files\StartSearch plugin\BarLcher.dll" [2011-09-22 177712]

[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1BB.exe"="c:\users\pawulon\AppData\Roaming\Microsoft\F21C\1BB.exe" [2012-02-07 280064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BED.exe"="c:\program files\LP\9C0C\BED.exe" [2012-01-22 280064]
"8CE.exe"="c:\program files\LP\2DBC\8CE.exe" [2012-01-23 280064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-04 c:\windows\SkyTel.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"vShare.tv"="c:\users\pawulon\AppData\Roaming\csrss.exe" [2008-01-18 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.Commonstartup
backupExtension=.Commonstartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.Commonstartup
backupExtension=.Commonstartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.Commonstartup
backupExtension=.Commonstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
-ra------ 2009-06-14 18:24 307200 c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
--a------ 2010-01-11 13:59 9068960 c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
--a------ 2010-01-11 13:59 9068960 c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recinfo762]
--a------ 2007-10-23 13:52 2764800 c:\recinfo\RecInfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 17:31 630784 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2009-09-24 14:41 434176 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 15:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 21:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2010-05-21 18:26 202256 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2009-03-09 16:49 37888 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-04-10 16:01 4431872 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fb,15,f8,02,fe,d9,cc,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5905B174-7990-460B-8CF7-F05AB6B4E248}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{8C4187A9-696F-46AB-868A-1DCB348090B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4607CF2A-20CA-4620-9E39-3265FE69C855}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E1E84B41-A67A-4E26-89DF-4D91E1420351}"= UDP:d:\gry\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{DC6EF42A-FA90-461E-B96A-F7465416764B}"= TCP:d:\gry\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{6B653F22-DE0C-40B5-9A11-F9275F873A3D}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{EB3FD161-4F0A-4453-AD41-C9B5D6EB40EC}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{238E66F8-C481-4648-9C8D-1B98A92634D8}c:\\program files\\avant browser\\avant.exe"= UDP:c:\program files\avant browser\avant.exe:Avant Browser
"UDP Query User{0CCB2A73-D5D2-4C74-B157-65F33434D517}c:\\program files\\avant browser\\avant.exe"= TCP:c:\program files\avant browser\avant.exe:Avant Browser
"TCP Query User{8000C48B-5A7B-48BE-B84D-DE5037EFA234}c:\\dead.space.multi-5.repack.skullptura\\dead space\\dead space.exe"= UDP:c:\dead.space.multi-5.repack.skullptura\dead space\dead space.exe:Dead Space ™
"UDP Query User{8A93F3CA-5D97-46F6-A7C4-D30DF25AE02D}c:\\dead.space.multi-5.repack.skullptura\\dead space\\dead space.exe"= TCP:c:\dead.space.multi-5.repack.skullptura\dead space\dead space.exe:Dead Space ™
"TCP Query User{D527B8C2-0C03-4542-8EE9-1164A9D8F872}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{B51628F6-D847-4D75-A9D1-0BDC50765C7D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{D3181E69-DDCB-49A5-9879-948E7C189C6A}d:\\gry\\pro evo\\pes 2009\\pes2009.exe"= UDP:d:\gry\pro evo\pes 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{66A50B19-9387-45DE-848B-7C0A26C87499}d:\\gry\\pro evo\\pes 2009\\pes2009.exe"= TCP:d:\gry\pro evo\pes 2009\pes2009.exe:Pro Evolution Soccer 2009
"{6FBC8AA0-4956-4D9F-B090-7A0291D6C412}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{8182EF6D-F209-4952-A89F-A674EEE901BF}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"TCP Query User{19EEB973-DDBF-46E4-9C1B-CDA0EE760673}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{E6B3E90D-D676-4A6F-ADA7-DDC601ED7DC1}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"{B3157190-7AEE-4E96-AC10-EFD0B1B23F0F}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{077DD40E-1E30-4859-883B-185ADFEDDA3C}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"TCP Query User{02E0FD9D-B633-4D12-BF56-0C6EE39985C0}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{1AF81F0E-7380-48FC-B67D-F57372B24EDB}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{47ABBB9C-34D0-4B8C-9B82-DD666B7FEFAE}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{BC7B6998-768C-4E5A-8571-C9F6BDFB204F}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{2D8E7F5A-7B9B-402F-9B38-5F7FB9226B41}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{4DF1FF57-6725-413B-A68A-D501B9AFFC04}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{2B6714FE-C4D3-4E80-B77C-09F2472825D6}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{6987664D-322D-41EE-B34D-F93024EC623D}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{194DD9DF-17AA-40B9-9A20-ADE018EB0AB1}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2010\fm.exe:Football Manager 2010
"{5508D869-B99E-497F-9D19-DA8F70ADCC3B}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2010\fm.exe:Football Manager 2010
"TCP Query User{D7A1E546-036F-45F7-BE2D-97366502F636}c:\\miranda im\\miranda32.exe"= UDP:c:\miranda im\miranda32.exe:Miranda IM
"UDP Query User{21134F63-286E-4F99-90A4-10A9B0180533}c:\\miranda im\\miranda32.exe"= TCP:c:\miranda im\miranda32.exe:Miranda IM
"TCP Query User{8E5A2A31-6F8E-42E5-9876-B36E6E7B1F75}c:\\program files\\gadu-gadu 10\\gg.exe"= UDP:c:\program files\gadu-gadu 10\gg.exe:Gadu-Gadu 10
"UDP Query User{657E4D60-170A-40EA-BABF-64CB6A1AD4A0}c:\\program files\\gadu-gadu 10\\gg.exe"= TCP:c:\program files\gadu-gadu 10\gg.exe:Gadu-Gadu 10
"TCP Query User{21E76787-207B-4AB5-AB20-B200F00E234B}c:\\program files\\flashget network\\flashget 3\\flashget3.exe"= UDP:c:\program files\flashget network\flashget 3\flashget3.exe:FlashGet3
"UDP Query User{B1853B91-0C57-4976-A58C-C0633B8A6DF5}c:\\program files\\flashget network\\flashget 3\\flashget3.exe"= TCP:c:\program files\flashget network\flashget 3\flashget3.exe:FlashGet3
"TCP Query User{D1401846-B531-4510-AFBE-D1BB803C1F9B}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{00E98067-DDA2-4066-8669-883C8B431E50}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{9C53E024-DA57-44A5-A2A1-3D6A53A8E78A}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2011 demo\fm.exe:Football Manager 2011 Demo
"{0FC4EEA3-A032-4122-9D01-266FACC95E26}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2011 demo\fm.exe:Football Manager 2011 Demo
"{16EA1FD0-B5CE-4DCA-A239-B4A69AE06426}"= UDP:c:\program files\StarCraft II\StarCraft II.exe:Blizzard Launcher
"{D5F15986-811C-4FAC-9DBB-A082FAD51C50}"= TCP:c:\program files\StarCraft II\StarCraft II.exe:Blizzard Launcher
"TCP Query User{F097965F-B082-4F1B-BFBD-78068A28D277}c:\\program files\\starcraft ii\\support\\blizzarddownloader.exe"= UDP:c:\program files\starcraft ii\support\blizzarddownloader.exe:Blizzard Downloader
"UDP Query User{AF67A4D7-C658-418F-8F9E-72E21D8161C6}c:\\program files\\starcraft ii\\support\\blizzarddownloader.exe"= TCP:c:\program files\starcraft ii\support\blizzarddownloader.exe:Blizzard Downloader
"TCP Query User{A17CFF16-4D36-4ADE-926D-E883B2D2223A}c:\\program files\\google\\chrome\\application\\chrome.exe"= UDP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"UDP Query User{B310E34A-003E-47C1-A507-0B7D972F1171}c:\\program files\\google\\chrome\\application\\chrome.exe"= TCP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"{132E7C94-1CE1-47ED-A22C-18EB11AA8837}"= Disabled:UDP:d:\gry\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{997224EA-17CC-4DE2-960E-9CF7DA4D2F6F}"= Disabled:TCP:d:\gry\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{704FE5AA-8740-49F2-9713-F45D63A0124A}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{841A52FF-CFF6-49CF-B819-3FCC38AF1C57}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{69841EBC-E28E-4FE0-BB7F-4F912BB38FBF}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{AA6E46BF-3535-430D-AD21-A0CF1BB7BECA}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{4A939815-2652-46E4-A8E1-958ABD12122C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B7C9DD06-D2F6-43AB-9FC3-05EACB4B4B08}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{69F009DE-47A1-4E14-9F4C-CE9D30B6E45E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{05297CDC-4970-4F3A-AF97-7DFD6EB2DE76}c:\\program files\\musicbrainz picard\\picard.exe"= UDP:c:\program files\musicbrainz picard\picard.exe:The next generation MusicBrainz tagger
"UDP Query User{C18FF3D9-1D48-4DA6-8379-D503BE7B5621}c:\\program files\\musicbrainz picard\\picard.exe"= TCP:c:\program files\musicbrainz picard\picard.exe:The next generation MusicBrainz tagger
"{84B817BC-0377-4148-8104-C9892347299E}"= UDP:c:\users\pawulon\Downloads\Facemoods.exe:InstallCore™
"{D40489EF-BA4B-4EF4-84AF-2F7E93993D40}"= TCP:c:\users\pawulon\Downloads\Facemoods.exe:InstallCore™
"{22B27337-B860-4F7C-A8F1-A69768DB4548}"= UDP:d:\kalypso\Tropico 3\tropico3.exe:Tropico 3
"{D2914E02-8257-4BAC-AD25-2BFC0AB7474E}"= TCP:d:\kalypso\Tropico 3\tropico3.exe:Tropico 3
"TCP Query User{40876509-2626-40A1-99E1-061D96695422}c:\\sports interactive\\football manager 2011\\fm.exe"= UDP:c:\sports interactive\football manager 2011\fm.exe:Football Manager 2011 11.3.0f178533
"UDP Query User{BC31BC3B-23A1-4617-90CA-C2C0F6147422}c:\\sports interactive\\football manager 2011\\fm.exe"= TCP:c:\sports interactive\football manager 2011\fm.exe:Football Manager 2011 11.3.0f178533
"TCP Query User{09390E32-506B-4468-A37A-48ADDCEA7F39}c:\\sports interactive\\football manager 2011\\fm.exe"= UDP:c:\sports interactive\football manager 2011\fm.exe:Football Manager 2011 11.3.0f178533
"UDP Query User{7BA36A3D-EA5F-4AB8-9A4A-D02C4FC2DEE0}c:\\sports interactive\\football manager 2011\\fm.exe"= TCP:c:\sports interactive\football manager 2011\fm.exe:Football Manager 2011 11.3.0f178533
"TCP Query User{E92D3883-F4C3-4E60-BCCA-A1845EC00429}c:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\java.exe:Java™ Platform SE binary
"UDP Query User{A5EE8422-5227-4E5D-82C4-9C572E5E380D}c:\\program files\\java\\jre1.6.0_03\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\java.exe:Java™ Platform SE binary
"TCP Query User{7873608F-5ED1-491E-97DC-6B0BF1D9C1E6}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{DA7E5FDD-2FDF-4744-9D58-43E17639C96E}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"{99928C98-B893-4A5D-9B34-411A76EC376C}"= UDP:c:\program files\Steam\steam.exe:Steam
"{B0E70B93-FD85-4F64-A8FA-8F45F4F32CF7}"= TCP:c:\program files\Steam\steam.exe:Steam
"{5A019726-933F-4F34-9C3A-DC01A489ABC4}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2012\fm.exe:Football Manager 2012
"{E6877CD9-D309-4E98-A7F5-E3C6C0E2006C}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2012\fm.exe:Football Manager 2012
"TCP Query User{83CBD2B8-319A-49E2-989E-4B5E9181ECCC}c:\\program files\\steam\\steamapps\\common\\football manager 2012\\fm.exe"= UDP:c:\program files\steam\steamapps\common\football manager 2012\fm.exe:Football Manager 2012 12.1.1f244099
"UDP Query User{B79F5A4B-07B6-48F2-9A88-6E1DDA0849FF}c:\\program files\\steam\\steamapps\\common\\football manager 2012\\fm.exe"= TCP:c:\program files\steam\steamapps\common\football manager 2012\fm.exe:Football Manager 2012 12.1.1f244099
"{136FD04D-153C-4A76-A281-88DA0C60B90C}"= UDP:c:\program files\Steam\SteamApps\common\apb reloaded\Launcher\APBLauncher.exe:APB Reloaded
"{796F5130-F38C-4DC0-929B-DC7096372F43}"= TCP:c:\program files\Steam\SteamApps\common\apb reloaded\Launcher\APBLauncher.exe:APB Reloaded
"{99347F33-CAEB-43B6-B7D0-B7191C405241}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{06063A92-5390-476C-A038-F9991B80BBBC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{ABF524E5-344A-4754-A9EE-C3B6437EE95B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9ECC67F7-A16E-41C8-AE00-EB781FF432F1}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D8997E39-93F5-4296-AE86-8AA58E5CCFB0}"= UDP:c:\program files\Steam\SteamApps\common\apb reloaded\Binaries\APB.exe:APB: APB.exe
"{AC88090E-73D0-4BA8-B67E-07CE3819C61F}"= TCP:c:\program files\Steam\SteamApps\common\apb reloaded\Binaries\APB.exe:APB: APB.exe
"{937BD4F1-44FD-4F9C-9EC8-A65205715FBB}"= UDP:c:\program files\Steam\SteamApps\common\apb reloaded\Binaries\VivoxVoiceService.exe:APB: VivoxVoiceService.exe
"{EEB52DB1-EAFC-490D-95B6-6F7C46170E7F}"= TCP:c:\program files\Steam\SteamApps\common\apb reloaded\Binaries\VivoxVoiceService.exe:APB: VivoxVoiceService.exe
"TCP Query User{A0B6BED4-8BC4-426E-BFDA-C07BE49B5C0B}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B5EB90B6-C516-4BCC-B2A4-AF5BC4569099}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"= c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

R2 FontCache;Usług systemu Windows buforowania czcionek;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-01-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"c:\program files\LogMeIn Hamachi\hamachi-2.exe" -s [2012-02-02 1373576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-12-14 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-08 1153368]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 wlidsvc;Windows Live ID Sign-in Assistant;"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2009-08-18 1529728]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-02-07 4994048]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-11-30 46592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2009-12-14 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2010-05-21 136176]
S3 gupdatem;Usługa Google Update (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc [2010-05-21 136176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-06-01 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-06-01 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-06-01 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-06-01 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-06-01 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-06-01 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-06-01 109864]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2009-07-09 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2009-07-09 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2009-07-09 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2009-07-09 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2009-07-09 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2009-07-09 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2009-07-09 110120]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-22 419624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-11-30 131616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2012-01-23 c:\windows\Tasks\At1.job
- c:\users\pawulon\AppData\Roaming\firefox.exe [2012-01-23 17:51]

2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:24]

2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:24]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{222f31fb-a14e-4af2-bb14-997f28294370} - (no file)
WebBrowser-{043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
ShellIconOverlayIdentifiers-{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} - %SystemRoot%\system32\EhStorShell.dll


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\users\pawulon\AppData\Roaming\Mozilla\Firefox\Profiles\o1vp3nri.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://vshare.toolbarhome.com/?hp=df
FF -: plugin - c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF -: plugin - c:\program files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
FF -: plugin - c:\program files\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvsharetvplg.dll
FF -: plugin - c:\program files\TVUPlayer\npTVUAx.dll
FF -: plugin - c:\program files\Veetle\Player\npvlc.dll
FF -: plugin - c:\program files\Veetle\plugins\npVeetle.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
.
------- Skojarzenia plików -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-07 17:34:12
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2012-02-07 17:41:32
ComboFix-quarantined-files.txt 2012-02-07 16:41:30
ComboFix2.txt 2011-03-09 19:59:09

Przed: 29 728 067 584 bajtów wolnych
Po: 29,670,006,784 bajtów wolnych

405 --- E O F --- 2012-01-27 21:39:39

#2 pawulon83

Posted 07 February 2012 - 18:43

Here is the log on wklej.to: http://wklej.to/kxllc

#3 Miczi_82

  • Forum addict
  • Group: Forum members
  • Posts: 1332
  • Joined: Tue, 13 Oct 09

Posted 07 February 2012 - 22:01

Paste the logs from OTL.

#4 pawulon83

Posted 07 February 2012 - 22:36

OK, here it is :) http://wklej.to/pPzb6

#5 Miczi_82

Posted 08 February 2012 - 08:55

Run OTL and paste this code into the "Własne opcje skanowania" (custom scan options) box:

:OTL
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
F3 - HKCU WinNT: Load - (C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe) -C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: vShare.tv = C:\Users\pawulon\AppData\Roaming\csrss.exe ()
O8 - Extra context menu item: &D&ownload &with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Users\pawulon\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\pawulon\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Users\pawulon\AppData\Roaming\CC5FA\870B5.exe) -C:\Users\pawulon\AppData\Roaming\CC5FA\870B5.exe ()
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

:Files
C:\Users\pawulon\AppData\Roaming\FA1FD
C:\Program Files\LP
C:\Users\pawulon\AppData\Roaming\CC5FA
C:\Users\pawulon\AppData\Roaming\VshareComplete
C:\Program Files\VshareComplete
C:\Program Files\StartSearch plugin
C:\Users\pawulon\AppData\Roaming\FC6056.exe
C:\Users\pawulon\AppData\Local\Temp*.html
C:\Users\pawulon\AppData\Roaming\csrss.exe

:Commands
[emptyflash]
[emptytemp]

and click Wykonaj skrypt (Run script).

Download Ad-Remover and run it; it will remove junk browser add-ons.

When everything is done, run a new OTL scan and paste the new log.


Two other things also puzzle me.
C:\Users\pawulon\AppData\Roaming\firefox.exe - what sense does Firefox's main file make in a place like that? You would have to check it.

C:\Windows\tasks\At1.job - this job's name does not look like a system one. Check what it is and what it contains, and judge whether it should stay or not.

This post was edited by Miczi_82 on: 08 February 2012 - 10:40


#6 pawulon83

Posted 08 February 2012 - 17:36

OK, I carried out the recommended steps according to the instructions http://wklej.to/TBP8A; unfortunately the processes described above disappeared for a moment.

#7 Miczi_82

Posted 08 February 2012 - 21:57

It seems to me that this script did not run all the way through.

Better boot into Safe Mode, run OTL and paste this code:

:OTL
PRC - [2012-02-08 17:19:26 | 000,184,832 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe
PRC - [2012-02-08 17:18:52 | 000,167,424 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe
PRC - [2012-02-08 07:08:51 | 000,279,552 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\Microsoft\14CC\F85.exe
MOD - [2012-02-08 17:19:26 | 000,184,832 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe
MOD - [2012-02-08 17:18:52 | 000,167,424 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe
MOD - [2012-02-08 07:08:51 | 000,279,552 | ---- | M] () -- C:\Users\pawulon\AppData\Roaming\Microsoft\14CC\F85.exe
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\BarLcher.dll File not found
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\BarLcher.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\BarLcher.dll File not found
O4 - HKCU..\Run: [175.exe] C:\Users\pawulon\AppData\Roaming\Microsoft\211C\175.exe ()
O4 - HKCU..\Run: [1C7.exe] C:\Users\pawulon\AppData\Roaming\Microsoft\24BC\1C7.exe ()
O4 - HKCU..\Run: [2FB.exe] C:\Users\pawulon\AppData\Roaming\Microsoft\B4DC\2FB.exe ()
O4 - HKCU..\Run: [F85.exe] C:\Users\pawulon\AppData\Roaming\Microsoft\14CC\F85.exe ()
O4 - HKLM..\RunOnce: []  File not found
F3 - HKCU WinNT: Load - (C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe) -C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe) -C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe ()

:Files
C:\Users\pawulon\AppData\Roaming\FA1FD
C:\Users\pawulon\AppData\Roaming\CC5FA
C:\32788R22FWJFW
C:\Program Files\FA1FD
C:\Users\pawulon\AppData\Roaming\firefox.exe

:Commands
[emptytemp]
[emptyflash]

and click Wykonaj skrypt (Run script).

Get Malwarebytes Antimalware and run a scan with it.

It seems to me that this folder
C:\Users\pawulon\AppData\Local\Microsoft_Corporation
is suspicious; better check its contents. Generally, AppData has MS folders in Roaming and Local, but they are named simply "Microsoft", and certainly without an underscore.

Alternatively, you can try other tools to remove this pest, e.g. from this link
http://www.cleanpcgu...emove-lvvm-exe/
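
The checks applied by eye in posts #5 and #7 (an autostart or scheduled-task target inside AppData, a familiar name such as firefox.exe or csrss.exe in the wrong folder, random hex-like file and folder names) can be written as a small log-triage script. This is an added example, not part of the original posts; the sample lines are copied from the logs and scripts quoted in this thread, while the EXPECTED_DIR table and the hex-name heuristic are assumptions.

```python
import re
from ntpath import basename, dirname

# Lines copied from the OTL scripts and the ComboFix log quoted in this thread.
SAMPLE = r"""
F3 - HKCU WinNT: Load - (C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe) -C:\Users\pawulon\AppData\Roaming\FA1FD\lvvm.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: vShare.tv = C:\Users\pawulon\AppData\Roaming\csrss.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe) -C:\Users\pawulon\AppData\Roaming\CC5FA\04B21.exe ()
O4 - HKCU..\Run: [F85.exe] C:\Users\pawulon\AppData\Roaming\Microsoft\14CC\F85.exe ()
- c:\users\pawulon\AppData\Roaming\firefox.exe [2012-01-23 17:51]
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 18:24]
""".strip().splitlines()

# Assumption: usual home directories of binaries whose names get imitated.
EXPECTED_DIR = {
    "csrss.exe": r"c:\windows\system32",
    "firefox.exe": r"c:\program files\mozilla firefox",
}
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\[\]=]*?\.exe", re.IGNORECASE)
# Heuristic (assumption): 3-8 hex characters looks like a generated name.
HEX_NAME = re.compile(r"^[0-9a-f]{3,8}$", re.IGNORECASE)

def triage(line):
    """Return (path, reasons) for the last .exe path found on a log line."""
    paths = PATH_RE.findall(line)
    if not paths:
        return None, []
    path = paths[-1].strip().lower()
    name, folder = basename(path), dirname(path)
    reasons = []
    if "\\appdata\\" in path:
        reasons.append("autostart target in user-writable AppData")
    if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
        reasons.append("well-known name outside its usual directory")
    if HEX_NAME.match(name[:-4]) or HEX_NAME.match(basename(folder)):
        reasons.append("hex-like random file or folder name")
    return path, reasons

def report(lines=SAMPLE):
    """Map each flagged path to the list of reasons it was flagged."""
    return {p: r for p, r in map(triage, lines) if p and r}

if __name__ == "__main__":
    for path, reasons in report().items():
        print(path, "->", "; ".join(reasons))
```

A hit is a prompt to inspect the file, not a verdict; the hex-name rule in particular will also match short legitimate names made only of the letters a-f and digits.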

#8 pawulon83

Posted 09 February 2012 - 17:26

OK, that helped, all the processes have disappeared, and the content of that directory is a directory named powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w. Should I delete it??

#9 Miczi_82

Posted 10 February 2012 - 21:32

Hmm, then it may indeed be Microsoft's after all, an add-on called Windows PowerShell. I don't know what caused it to appear on your system, but it looks like it can stay there.

You can also check it on VirusTotal.com by uploading that file, to see whether it contains any malware.
