Request to check a log
airborne82
Guest
Posted: 2009-10-28, 00:15   Request to check a log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:59, on 2009-10-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Ris\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\RavTask.exe
E:\Rising\Ris\RavMonD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
E:\Rising\Ris\ScanFrm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\Rising\Ris\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
E:\Rising\Ris\RsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
E:\Free Download Manager\fdm.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RisTray] "E:\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O4 - Global Startup: Microsoft Office.bat
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9a28360ef97e0) (gupdate1c9a28360ef97e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ris Process Communication Center (RisCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\CCENTER.EXE
O23 - Service: Rising RisTask Manager (RisTask) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\ScanFrm.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 9225 bytes
 
   
Asdef 
Administrator



Helped: 32 times
From: Lodz
Posted: 2009-10-28, 11:20

R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
_________________
PCT is looking for people of good will: if you have interesting articles you wrote yourself, you are of course welcome to send them in, even as a guest, subject to approval by a moderator…
http://www.pctown.pl/submitnews.php
or send them to asdef(malpa)o2.pl
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-10-28, 14:42

In addition to what Asdef listed, for optimization also remove these entries:
Code:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Global Startup: Microsoft Office.bat


Additionally, post the logs from OTL and GMER.
 
   
airborne82
Guest
Posted: 2009-10-28, 15:03

So, I removed what you wrote and ... the system seemed to start up faster, so maybe those entries were there to be removed ... now I'm posting the rest of the logs



OTL logfile created on: 2009-10-28 14:58:44 - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = E:\OTL
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,36 Gb Free Space | 22,96% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 34,04 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,50 Gb Free Space | 58,06% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 0,41 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 0,91 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
Drive H: | 86,39 Gb Total Space | 2,72 Gb Free Space | 3,15% Space Free | Partition Type: NTFS
Drive I: | 117,19 Gb Total Space | 5,16 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive J: | 117,19 Gb Total Space | 38,12 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive K: | 114,19 Gb Total Space | 46,06 Gb Free Space | 40,34% Space Free | Partition Type: NTFS

Computer Name: GRZESIO-ACMILAN
Current User Name: GrZeSiO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-10-27 15:02:57 | 00,521,728 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
PRC - [2009-09-24 01:52:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-09-24 01:52:01 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-09-10 19:14:46 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-02 08:18:08 | 01,187,840 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-06-30 06:04:59 | 00,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\ScanFrm.exe
PRC - [2009-06-12 21:33:36 | 00,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavTask.exe
PRC - [2009-06-12 21:33:34 | 00,494,192 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rsnetsvr.exe
PRC - [2009-06-12 21:33:27 | 00,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavMonD.exe
PRC - [2009-06-12 21:23:35 | 00,113,264 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\CCENTER.EXE
PRC - [2009-06-12 21:23:26 | 00,141,936 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RsTray.exe
PRC - [2009-04-30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009-04-28 01:40:44 | 04,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009-04-27 10:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009-04-15 08:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009-04-15 08:42:52 | 00,133,664 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009-03-11 12:00:54 | 24,095,528 | ---- | M] (Skype Technologies S.A.) -- E:\Skype\Phone\Skype.exe
PRC - [2009-02-06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-01-31 02:45:14 | 03,399,727 | ---- | M] (FreeDownloadManager.ORG) -- E:\Free Download Manager\fdm.exe
PRC - [2008-12-29 11:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-02-17 14:03:57 | 02,396,160 | ---- | M] (Gadu-Gadu Sp. z oo) -- E:\Gadu-Gadu\gg.exe
PRC - [2002-09-28 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-09-24 01:52:01 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-06-30 06:04:59 | 00,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\ScanFrm.exe -- (RsScanSrv [Auto | Stopped])
SRV - [2009-06-12 21:33:36 | 00,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavTask.exe -- (RisTask [Auto | Running])
SRV - [2009-06-12 21:33:27 | 00,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavMonD.exe -- (RsRavMon [Auto | Stopped])
SRV - [2009-06-12 21:23:35 | 00,113,264 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\CCENTER.EXE -- (RisCCenter [Auto | Stopped])
SRV - [2009-04-30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2009-04-28 01:40:44 | 04,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service [Auto | Running])
SRV - [2009-04-27 10:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService [Auto | Running])
SRV - [2009-04-15 08:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009-03-24 12:28:17 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009-03-11 20:55:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a28360ef97e0 [Auto | Stopped])
SRV - [2009-03-03 13:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2008-12-08 16:15:26 | 00,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EnergySaver\GSvr.exe -- (GEST Service [Auto | Stopped])
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2005-05-20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004-10-16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009-10-28 14:55:43 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Running])
DRV - [2009-09-10 09:19:52 | 00,043,160 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rsfwdrv.sys -- (rsfwdrv [System | Running])
DRV - [2009-08-13 16:08:48 | 00,144,024 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookSys.sys -- (hooksys [System | Running])
DRV - [2009-06-22 11:17:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2009-06-12 21:33:19 | 00,019,312 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rfwtdi.sys -- (rfwtdi [Auto | Running])
DRV - [2009-06-12 21:23:35 | 00,018,288 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\rfwbase.sys -- (RfwBase9 [On_Demand | Running])
DRV - [2009-06-12 21:23:35 | 00,015,216 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookCont.sys -- (hookcont [System | Running])
DRV - [2009-06-12 21:23:28 | 00,010,832 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\system32\Drivers\RsNTGdi.sys -- (RsNTGDI [Boot | Running])
DRV - [2009-06-06 20:52:05 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\ezplay.sys -- (ezplay [On_Demand | Stopped])
DRV - [2009-06-06 20:52:00 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2009-06-06 19:25:09 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-03 13:06:16 | 00,279,712 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-05-03 13:06:15 | 00,025,888 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2009-04-30 21:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009-04-23 02:55:37 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009-03-27 00:16:28 | 00,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdm.sys -- (k510mdm [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mgmt.sys -- (k510mgmt [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510obex.sys -- (k510obex [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510bus.sys -- (k510bus [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdfl.sys -- (k510mdfl [On_Demand | Stopped])
DRV - [2009-03-09 11:25:12 | 00,038,304 | ---- | M] (NVIDIA Corp.) -- C:\WINDOWS\System32\DRIVERS\nvoclock.sys -- (nvoclock [On_Demand | Running])
DRV - [2009-01-13 12:10:08 | 05,015,040 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-09-17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008-08-08 09:15:56 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- E:\PowerDVD\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running])
DRV - [2008-07-04 10:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-05 13:48:24 | 12,212,864 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys -- (SNP2STD [On_Demand | Stopped])
DRV - [2006-09-24 14:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006-07-05 13:46:06 | 00,063,352 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a [Boot | Running])
DRV - [2006-06-14 15:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2006-06-14 12:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys -- (EIO_XP [System | Running])
DRV - [2006-05-05 18:21:00 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\System32\drivers\nvport.sys -- (nvport [System | Running])
DRV - [2006-04-13 01:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-13 01:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006-04-13 01:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-03-29 07:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2005-06-06 16:51:38 | 00,011,264 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])
DRV - [2005-01-07 16:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005-01-05 17:02:10 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2004-08-09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004-08-09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2004-08-01 07:09:24 | 00,055,936 | ---- | M] (OrangeWare Corporation) -- C:\WINDOWS\System32\DRIVERS\ousb2hub.sys -- (ousb2hub [On_Demand | Stopped])
DRV - [2004-08-01 07:09:24 | 00,044,928 | ---- | M] (OrangeWare Corporation) -- C:\WINDOWS\System32\Drivers\ousbehci.sys -- (ousbehci [Auto | Stopped])
DRV - [2004-07-19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2004-07-17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003-12-01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2003-07-17 16:40:06 | 00,265,728 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2003-07-17 13:02:08 | 00,017,097 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PONDIS5.SYS -- (PONDIS5 [On_Demand | Stopped])
DRV - [2002-09-28 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002-09-28 23:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2002-07-17 07:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2001-08-17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
DRV - [2001-08-17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
DRV - [2001-08-17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
DRV - [2001-08-17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [1999-12-17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [1996-04-03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])

========== Modules (SafeList) ==========

MOD - [2009-10-27 15:02:57 | 00,521,728 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
MOD - [2006-08-25 16:51:13 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005-05-24 16:46:33 | 00,032,768 | ---- | M] () -- E:\Gadu-Gadu\ggwhook.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/...er=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2009-06-06 22:10:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-01 22:46:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-11 13:21:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-23 01:10:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-01 00:26:00 | 00,000,000 | ---D | M]

[2009-03-11 03:10:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Extensions
[2009-03-11 03:10:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-27 14:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions
[2009-10-24 23:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009-09-22 20:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009-04-03 17:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009-05-04 15:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009-05-04 14:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009-10-27 14:40:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-09-10 19:14:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-01 22:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-09-05 18:46:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-09-10 19:14:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-10 19:14:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-11-11 08:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009-07-25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-09-10 19:14:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-02-27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-09-10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008-09-10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-09-05 18:43:39 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009-09-05 18:43:39 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-09-05 18:43:39 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-09-05 18:43:39 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-09-05 18:43:39 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-09-05 18:43:39 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-09-05 18:43:39 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll (BitComet)
O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RisTray] E:\Rising\Ris\RsTray.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Gadu-Gadu] E:\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo)
O4 - HKCU..\Run: [Skype] E:\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O8 - Extra context menu item: &D&ownload &with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - E:\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w Free Download Manager - E:\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - E:\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - E:\Free Download Manager\dlselected.htm ()
O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll (BitComet)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macrome...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop Components:1 (Aqua Real) - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-11 02:19:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-03-11 02:19:59 | 00,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e44a8339-10cb-11de-9e01-0001e345c536}\Shell\AutoRun\command - "" = N:\eexyv.exe -- File not found
O33 - MountPoints2\{e44a8339-10cb-11de-9e01-0001e345c536}\Shell\open\Command - "" = N:\eexyv.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\WINDOWS\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-10-27 03:01:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2009-10-27 15:37:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-10-01 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\salvation
[2009-10-19 13:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Ace
[2009-10-14 13:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\FUEL
[2009-10-03 18:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Leadertech
[2009-10-27 15:38:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Malwarebytes
[2009-10-21 19:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Nowe Gadu-Gadu
[2009-10-25 00:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\TMNT
[2009-10-20 18:44:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Ubisoft
[2009-10-24 20:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\CAPCOM
[2009-10-15 20:37:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Deployment
[2009-10-05 15:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\FlatOut Ultimate Carnage
[2009-10-21 20:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GHOSTBUSTERS (tm)
[2009-10-07 17:53:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\NFS Underground 2
[2009-10-01 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\salvation
[2009-10-14 15:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\VirtuaTennis2009
[2009-10-21 20:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009-10-14 13:23:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009-10-01 00:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-09-30 23:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-27 15:37:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-10-27 15:37:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-10-25 19:44:17 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009-10-23 06:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009-10-21 20:29:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\GHOSTBUSTERS (tm)
[2009-10-19 13:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\WALL-E
[2009-10-15 17:47:38 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-10-15 17:47:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009-10-14 15:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\VirtuaTennis2009
[2009-10-06 19:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\Eidos
[2009-10-05 15:47:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009-10-05 05:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\FIFA 10
[2009-10-01 00:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft
[2009-10-01 00:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\CAPCOM
[2009-10-01 00:03:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2009-10-01 00:00:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-10-01 00:00:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009-09-30 23:59:21 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009-06-06 19:01:35 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.sys
[2009-03-12 13:19:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.sys
[2009-03-12 12:51:23 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2009-03-12 12:51:23 | 00,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll

========== Files - Modified Within 30 Days ==========

[2009-10-28 14:55:54 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-10-28 14:55:43 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009-10-28 14:55:33 | 00,230,158 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-10-28 14:55:32 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-28 14:55:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-28 14:55:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-28 14:18:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-27 15:12:30 | 00,000,130 | ---- | M] () -- C:\WINDOWS\System32\BsMain.ini
[2009-10-27 15:12:28 | 00,000,288 | ---- | M] () -- C:\WINDOWS\Ris.inf
[2009-10-27 02:46:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-26 23:31:14 | 00,001,042 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-26 23:31:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-26 23:31:14 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009-10-26 02:44:49 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-10-23 05:57:08 | 00,000,053 | ---- | M] () -- C:\WINDOWS\DelToolbox.bat
[2009-10-23 04:35:11 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-10-23 04:35:11 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-10-21 20:25:03 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-21 19:19:27 | 00,000,449 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\15.Gadu-Gadu.lnk
[2009-10-21 01:17:56 | 01,579,910 | -H-- | M] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-15 23:14:31 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009-10-11 13:57:03 | 00,029,216 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-11 13:33:51 | 00,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-11 13:19:23 | 01,071,212 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-11 13:19:23 | 00,500,302 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-11 13:19:23 | 00,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-11 13:19:23 | 00,088,838 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-11 13:19:23 | 00,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-04 00:16:22 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\25.SMS.lnk
[2009-10-04 00:15:13 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\16.AMCap.lnk
[2009-10-04 00:03:52 | 00,000,436 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\6.Teledyski.lnk
[2009-10-03 18:29:47 | 00,000,425 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\7.Muzyka.lnk
[2009-10-03 18:11:52 | 00,000,120 | ---- | M] () -- C:\WINDOWS\disney.ini

========== Files - No Company Name ==========
[2009-10-23 05:57:08 | 00,000,053 | ---- | C] () -- C:\WINDOWS\DelToolbox.bat
[2009-10-21 19:19:27 | 00,000,449 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Pulpit\15.Gadu-Gadu.lnk
[2009-10-17 17:17:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2009-10-03 17:44:55 | 00,000,120 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-09-25 23:44:48 | 00,000,147 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009-08-30 13:56:46 | 00,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009-08-26 01:05:12 | 00,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2009-08-26 01:05:12 | 00,124,931 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2009-08-26 01:05:10 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2009-08-26 01:05:07 | 00,730,121 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2009-08-26 01:05:07 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2009-08-26 01:05:07 | 00,003,020 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
[2009-08-15 11:56:36 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-08-05 15:14:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009-07-16 12:51:40 | 00,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2009-07-14 22:41:55 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wpcap.dll
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\packet.dll
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\npf.sys
[2009-06-20 21:00:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009-06-12 21:29:42 | 00,000,031 | ---- | C] () -- C:\WINDOWS\rav.ini
[2009-06-12 21:26:29 | 00,000,130 | ---- | C] () -- C:\WINDOWS\System32\BsMain.ini
[2009-06-12 21:24:57 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Ris.ini
[2009-06-06 19:01:38 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.log
[2009-06-06 19:01:35 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.cat
[2009-06-06 19:01:35 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.inf
[2009-06-06 19:01:35 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.ini
[2009-06-06 19:01:27 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\inst.exe
[2009-05-14 19:18:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-14 19:18:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-05-14 19:18:15 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-05-14 19:18:14 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-14 19:18:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-14 18:42:39 | 00,000,036 | ---- | C] () -- C:\WINDOWS\plugSpk.INI
[2009-05-13 19:31:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\.googlewebacchosts
[2009-05-08 12:44:14 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-05-08 12:44:14 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-05-08 12:44:13 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-05-03 13:06:16 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-03 13:06:15 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-04-30 23:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-04-30 23:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-30 23:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-04-30 23:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-04-21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-04-16 23:46:43 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\apache.dll
[2009-04-06 01:06:59 | 00,002,678 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2009-03-12 17:40:36 | 00,000,294 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-03-12 13:19:59 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.log
[2009-03-12 13:19:58 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezpinst.exe
[2009-03-12 13:19:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.cat
[2009-03-12 13:19:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.inf
[2009-03-12 12:51:27 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009-03-12 12:51:26 | 12,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009-03-12 12:51:26 | 00,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2009-03-12 12:29:39 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-03-11 19:03:38 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-03-11 17:36:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-11 17:36:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-11 16:14:27 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-11 03:05:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009-03-11 02:48:22 | 00,029,216 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-03-11 02:30:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-11 02:25:39 | 01,579,910 | -H-- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-03-11 02:23:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\desktop.ini
[2009-03-11 02:13:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-04-26 03:05:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002-10-27 10:49:26 | 00,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002-09-28 23:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-09-28 23:00:00 | 00,001,042 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-09-28 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 03:00:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997-03-31 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997-03-31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996-04-03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:466F9D5D
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:9482CFB4
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:4F96D8E6
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:0F8F5844
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:A9662AE0
< End of report >
 
   
airborne82
Guest
Posted: 2009-10-28, 15:09

Unfortunately, I don't know what I should send from GMER, because there is a lot of it, or what exactly to check ...
 
   
airborne82
Guest
Posted: 2009-10-28, 15:11

And the log after the fix, in HijackThis, looks like this:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:07, on 2009-10-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Ris\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\RavTask.exe
E:\Rising\Ris\RavMonD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Rising\Ris\RsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
E:\Free Download Manager\fdm.exe
E:\Gadu-Gadu\gg.exe
E:\Rising\Ris\rsnetsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
E:\Rising\Ris\ScanFrm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RisTray] "E:\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9a28360ef97e0) (gupdate1c9a28360ef97e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ris Process Communication Center (RisCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\CCENTER.EXE
O23 - Service: Rising RisTask Manager (RisTask) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\ScanFrm.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 8306 bytes
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-10-28, 15:28

Quote:
So, I removed what you wrote and ... the system seemed to start up faster, so maybe those entries were there to be removed

Those were exactly the unnecessary items that started with the system, which is why it now boots faster.

Quote:
Unfortunately I don't know what I should send from GMER, because there is a lot of it, and what exactly to check ...

GMER -> Rootkit/Malware tab -> change nothing and click Scan (Szukaj) -> when it finishes, click Copy (Kopiuj) and paste the contents on the forum.


In OTL, paste:
Quote:
:OTL
PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
O4 - HKLM..\Run: [] File not found

:Files
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix. Post the log from the removal.
 
   
airborne82
Guest
Posted: 2009-10-28, 17:55

GMER log ... I hope I did this correctly ... and how does it look overall?? Is it clean??



GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 17:47:30
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\GrZeSiO\USTAWI~1\Temp\kwxiyfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwAssignProcessToJobObject [0xB834C073]
SSDT \??\E:\Rising\Ris\rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.) ZwConnectPort [0xB2924C40]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateKey [0xB834C15A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateMutant [0xB834C0F7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcess [0xB834BE00]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcessEx [0xB834BE21]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateThread [0xB834BEA5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDebugActiveProcess [0xB834BFEF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteKey [0xB834C1BD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteValueKey [0xB834C19C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeviceIoControlFile [0xB834C094]
SSDT spig.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spig.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLoadDriver [0xB834BE63]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLockVirtualMemory [0xB834BFAD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKey [0xB834C241]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenProcess [0xB834C139]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenSection [0xB834BEC6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwProtectVirtualMemory [0xB834BF8C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0xB834C0D6]
SSDT spig.sys ZwQueryKey [0xB7EC610A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryValueKey [0xB834C052]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueueApcThread [0xB834BF6B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRenameKey [0xB834C1DE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRequestWaitReplyPort [0xB834C031]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRestoreKey [0xB834C220]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetContextThread [0xB834BF29]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSecurityObject [0xB834C1FF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemInformation [0xB834BFCE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemTime [0xB834C0B5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetValueKey [0xB834C17B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendProcess [0xB834BF4A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendThread [0xB834BF08]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSystemDebugControl [0xB834C010]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateProcess [0xB834BE42]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateThread [0xB834BEE7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwUnmapViewOfSection [0xB834C118]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwWriteVirtualMemory [0xB834BE84]

INT 0x62 ? 8B149BF8
INT 0x63 ? 8AF06BF8
INT 0x73 ? 8B149BF8
INT 0x73 ? 8B149BF8
INT 0x73 ? 8AF06BF8
INT 0x73 ? 8B149BF8
INT 0x82 ? 8B149BF8
INT 0x83 ? 8AF06BF8
INT 0xB4 ? 8AF06BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503D54 12 Bytes [4A, BF, 34, B8, 08, BF, 34, ...] {DEC EDX; MOV EDI, 0xbf08b834; XOR AL, 0xb8; ADC AL, AL; XOR AL, 0xb8}
? spig.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload B722E62C 5 Bytes JMP 8AF061D8
.text ad05lpge.SYS B7157386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ad05lpge.SYS B71573AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ad05lpge.SYS B71573C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ad05lpge.SYS B71573C9 1 Byte [2E]
.text ad05lpge.SYS B71573C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spig.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spig.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spig.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spig.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spig.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spig.sys
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Ntfs \Ntfs 8B1481F8
Device \FileSystem\Udfs \UdfsCdRom 89FCC500
Device \FileSystem\Udfs \UdfsDisk 89FCC500
Device \Driver\Tcpip \Device\Ip HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{7E3EB6E0-F0DB-45A7-90F9-A8A8C1B1A2E7} 8A7CF500
Device \Driver\usbuhci \Device\USBPDO-0 8AF041F8
Device \Driver\usbuhci \Device\USBPDO-1 8AF041F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B0DA1F8
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBPDO-2 8AF041F8
Device \Driver\usbuhci \Device\USBPDO-3 8AF041F8
Device \Driver\usbehci \Device\USBPDO-4 8AEC61F8
Device \Driver\Tcpip \Device\Tcp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)

Device \Driver\prodrv06 \Device\ProDrv06 E2140008
Device \Driver\sptd \Device\1043464196 spig.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B14A1F8
Device \Driver\Cdrom \Device\CdRom0 8AE9A500
Device \FileSystem\Rdbss \Device\FsWrap HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Cdrom \Device\CdRom1 8AE9A500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B14A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8B14A1F8
Device \Driver\prohlp02 \Device\ProHlp02 E1A73F08
Device \Driver\Ftdisk \Device\HarddiskVolume7 8B14A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7CF500
Device \Driver\Ftdisk \Device\HarddiskVolume8 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume9 8B14A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A7CF500
Device \Driver\Tcpip \Device\Udp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)

Device \Driver\Tcpip \Device\RawIp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)

Device \Driver\PCI_PNP2946 \Device\0000005f spig.sys
Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBFDO-0 8AF041F8
Device \Driver\usbuhci \Device\USBFDO-1 8AF041F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A664500
Device \Driver\Tcpip \Device\IPMULTICAST HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBFDO-2 8AF041F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A664500
Device \Driver\usbuhci \Device\USBFDO-3 8AF041F8
Device \Driver\usbehci \Device\USBFDO-4 8AEC61F8
Device \Driver\Ftdisk \Device\FtControl 8B14A1F8
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\ad05lpge \Device\Scsi\ad05lpge1Port4Path0Target0Lun0 8AE7E1F8
Device \Driver\ad05lpge \Device\Scsi\ad05lpge1 8AE7E1F8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Cdfs \Cdfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Cdfs \Cdfs 8AEA4468

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x96 0x9C 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x22 0x4B 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x22 0x4B 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x5C 0x0E 0x63 ...

---- EOF - GMER 1.0.15 ----
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-10-28, 17:57

GMER is clean, but still post that OTL removal log
 
   
airborne82
Guest
Posted: 2009-10-28, 18:01

Now the removal log ... is it OK like this??



All processes killed
========== OTL ==========
Process Explorer.EXE killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GrZeSiO
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Temp\etilqs_cjaBQZwW6WeefjLdJWO1 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Temp\etilqs_KXPin0TksfUq0q3SOyxQ scheduled to be deleted on reboot.
->Temp folder emptied: 1554163 bytes
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3648960 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 81443173 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2bc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_328.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82,74 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10282009_175602

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Temp\etilqs_cjaBQZwW6WeefjLdJWO1 not found!
File\Folder C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Temp\etilqs_KXPin0TksfUq0q3SOyxQ not found!
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\o2mx4anj.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2bc.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_328.dat not found!

Registry entries deleted on Reboot...
 
   
airborne82
Guest
Posted: 2009-10-28, 18:03

Is there anything else that needs to be done?? Is the computer reasonably safe now, and can I turn System Restore back on? Or are some more logs needed
 
   
@Blade@ 

Helped: 8 times
Posted: 2009-10-28, 20:55

Now it's OK.

In OTL, click CleanUp

Clean the disk and the registry with CCleaner

You can turn System Restore back on now.
 
   
airborne82
Guest
Posted: 2009-10-28, 21:33

Thanks for the help... I hope everything will be fine now with the internet and with the system in general ... if anything happens I know where to look for rescue :)
 
   
airborne82
Guest
Posted: 2009-10-29, 19:40

Suddenly, not long ago, my internet speed dropped again and it even disconnected for a moment, and afterwards it ran at the lowest speed ... I checked again with the programs but nothing was detected ... I'm also sending this





Microsoft Windows XP [Wersja 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\GrZeSiO>netstat -a

Aktywne połączenia

Protokół Adres lokalny Obcy adres Stan
TCP grzesio-acmilan:epmap grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:microsoft-ds grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:1026 grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:1550 grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:6059 grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:1025 grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:1026 grzesio-acmilan:1258 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1260 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1262 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1263 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1266 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1268 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1269 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1272 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1274 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1276 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1277 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1280 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1282 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1026 grzesio-acmilan:1284 CZAS_OCZEKIWANIA
TCP grzesio-acmilan:1048 grzesio-acmilan:1049 USTANOWIONO
TCP grzesio-acmilan:1049 grzesio-acmilan:1048 USTANOWIONO
TCP grzesio-acmilan:1051 grzesio-acmilan:1052 USTANOWIONO
TCP grzesio-acmilan:1052 grzesio-acmilan:1051 USTANOWIONO
TCP grzesio-acmilan:1197 grzesio-acmilan:1026 OCZEKIWANIE_ZAMKN
TCP grzesio-acmilan:5152 grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:5152 grzesio-acmilan:1050 OCZEKIWANIE_ZAMKN
TCP grzesio-acmilan:netbios-ssn grzesio-acmilan:0 NASŁUCHIWANIE
TCP grzesio-acmilan:1047 211.103.159.97:http OCZEKIWANIE_ZAMKN
TCP grzesio-acmilan:1146 ip-91-197-13-66.gadu-gadu.pl:https USTANOWIONO
UDP grzesio-acmilan:microsoft-ds *:*
UDP grzesio-acmilan:isakmp *:*
UDP grzesio-acmilan:4500 *:*
UDP grzesio-acmilan:ntp *:*
UDP grzesio-acmilan:1030 *:*
UDP grzesio-acmilan:1127 *:*
UDP grzesio-acmilan:ntp *:*
UDP grzesio-acmilan:netbios-ns *:*
UDP grzesio-acmilan:netbios-dgm *:*

C:\Documents and Settings\GrZeSiO>
 
   
airborne82
Guest
Posted: 2009-10-29, 19:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:14, on 2009-10-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Ris\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\RavTask.exe
E:\Rising\Ris\RavMonD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\ScanFrm.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
E:\Rising\Ris\rsnetsvr.exe
E:\Rising\Ris\RsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
E:\Free Download Manager\fdm.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RisTray] "E:\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9a28360ef97e0) (gupdate1c9a28360ef97e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ris Process Communication Center (RisCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\CCENTER.EXE
O23 - Service: Rising RisTask Manager (RisTask) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\ScanFrm.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 8373 bytes
 
   