Proszę o sprawdzenie log'a, trojanDownloader.Wigon.bs
witam.zamuliło mi kompa prosze o sprawdzenie logów
jak i gdzie sprawdzić ładowanie alternatora + pytanie o akku
moze ktos sprawdzic mi log?prosze
Dysk Twardy: nowy czy "z odzysku"_jak sprawdzić?
Proszę o sprawdzenie Loag z HiJack
Prosze o sprawdzenie. Kompletnie sie na tym niz znam :)
Proszę o sprawdzenie logów z HijackThis
sprawdzie moje logi plx
Bardzo prosze o sprawdzenie Logu :(
chomiki
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:04:59, on 2009-10-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Ris\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\RavTask.exe
E:\Rising\Ris\RavMonD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
E:\Rising\Ris\ScanFrm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\Rising\Ris\rsnetsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
E:\Rising\Ris\RsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
E:\Free Download Manager\fdm.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RisTray] "E:\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O4 - Global Startup: Microsoft Office.bat
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9a28360ef97e0) (gupdate1c9a28360ef97e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ris Process Communication Center (RisCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\CCENTER.EXE
O23 - Service: Rising RisTask Manager (RisTask) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\ScanFrm.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 9225 bytes
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
Oprócz tego co podał Asdef, w celu optymalizacji usuń także te wpisy:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Global Startup: Microsoft Office.bat
Dodatkowo podaj logi z OTL i GMER
Więc tak usunąłem to co napisaliście i ... system jakby szybciej wystartował , więc może po to te wpisy były by usunąc je ... teraz zamieszczam reszte logów
OTL logfile created on: 2009-10-28 14:58:44 - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = E:\OTL
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,36 Gb Free Space | 22,96% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 34,04 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,50 Gb Free Space | 58,06% Space Free | Partition Type: NTFS
Drive F: | 58,59 Gb Total Space | 0,41 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 0,91 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
Drive H: | 86,39 Gb Total Space | 2,72 Gb Free Space | 3,15% Space Free | Partition Type: NTFS
Drive I: | 117,19 Gb Total Space | 5,16 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive J: | 117,19 Gb Total Space | 38,12 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive K: | 114,19 Gb Total Space | 46,06 Gb Free Space | 40,34% Space Free | Partition Type: NTFS
Computer Name: GRZESIO-ACMILAN
Current User Name: GrZeSiO
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009-10-27 15:02:57 | 00,521,728 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
PRC - [2009-09-24 01:52:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-09-24 01:52:01 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-09-10 19:14:46 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-02 08:18:08 | 01,187,840 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-06-30 06:04:59 | 00,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\ScanFrm.exe
PRC - [2009-06-12 21:33:36 | 00,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavTask.exe
PRC - [2009-06-12 21:33:34 | 00,494,192 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rsnetsvr.exe
PRC - [2009-06-12 21:33:27 | 00,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavMonD.exe
PRC - [2009-06-12 21:23:35 | 00,113,264 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\CCENTER.EXE
PRC - [2009-06-12 21:23:26 | 00,141,936 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RsTray.exe
PRC - [2009-04-30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009-04-28 01:40:44 | 04,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009-04-27 10:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2009-04-15 08:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009-04-15 08:42:52 | 00,133,664 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009-03-11 12:00:54 | 24,095,528 | ---- | M] (Skype Technologies S.A.) -- E:\Skype\Phone\Skype.exe
PRC - [2009-02-06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-01-31 02:45:14 | 03,399,727 | ---- | M] (FreeDownloadManager.ORG) -- E:\Free Download Manager\fdm.exe
PRC - [2008-12-29 11:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-02-17 14:03:57 | 02,396,160 | ---- | M] (Gadu-Gadu Sp. z oo) -- E:\Gadu-Gadu\gg.exe
PRC - [2002-09-28 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
========== Win32 Services (SafeList) ==========
SRV - [2009-09-24 01:52:01 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-06-30 06:04:59 | 00,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\ScanFrm.exe -- (RsScanSrv [Auto | Stopped])
SRV - [2009-06-12 21:33:36 | 00,129,648 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavTask.exe -- (RisTask [Auto | Running])
SRV - [2009-06-12 21:33:27 | 00,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\RavMonD.exe -- (RsRavMon [Auto | Stopped])
SRV - [2009-06-12 21:23:35 | 00,113,264 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\CCENTER.EXE -- (RisCCenter [Auto | Stopped])
SRV - [2009-04-30 23:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2009-04-28 01:40:44 | 04,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service [Auto | Running])
SRV - [2009-04-27 10:39:50 | 00,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService [Auto | Running])
SRV - [2009-04-15 08:42:54 | 00,186,912 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2009-03-24 12:28:17 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009-03-11 20:55:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a28360ef97e0 [Auto | Stopped])
SRV - [2009-03-03 13:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2008-12-08 16:15:26 | 00,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EnergySaver\GSvr.exe -- (GEST Service [Auto | Stopped])
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
SRV - [2005-05-20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004-10-16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2009-10-28 14:55:43 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Running])
DRV - [2009-09-10 09:19:52 | 00,043,160 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rsfwdrv.sys -- (rsfwdrv [System | Running])
DRV - [2009-08-13 16:08:48 | 00,144,024 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookSys.sys -- (hooksys [System | Running])
DRV - [2009-06-22 11:17:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2009-06-12 21:33:19 | 00,019,312 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- E:\Rising\Ris\rfwtdi.sys -- (rfwtdi [Auto | Running])
DRV - [2009-06-12 21:23:35 | 00,018,288 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\rfwbase.sys -- (RfwBase9 [On_Demand | Running])
DRV - [2009-06-12 21:23:35 | 00,015,216 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\drivers\HookCont.sys -- (hookcont [System | Running])
DRV - [2009-06-12 21:23:28 | 00,010,832 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\system32\Drivers\RsNTGdi.sys -- (RsNTGDI [Boot | Running])
DRV - [2009-06-06 20:52:05 | 00,094,208 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\ezplay.sys -- (ezplay [On_Demand | Stopped])
DRV - [2009-06-06 20:52:00 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2009-06-06 19:25:09 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-03 13:06:16 | 00,279,712 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-05-03 13:06:15 | 00,025,888 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2009-04-30 21:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009-04-23 02:55:37 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009-03-27 00:16:28 | 00,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdm.sys -- (k510mdm [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mgmt.sys -- (k510mgmt [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510obex.sys -- (k510obex [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510bus.sys -- (k510bus [On_Demand | Stopped])
DRV - [2009-03-14 23:32:04 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdfl.sys -- (k510mdfl [On_Demand | Stopped])
DRV - [2009-03-09 11:25:12 | 00,038,304 | ---- | M] (NVIDIA Corp.) -- C:\WINDOWS\System32\DRIVERS\nvoclock.sys -- (nvoclock [On_Demand | Running])
DRV - [2009-01-13 12:10:08 | 05,015,040 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008-09-17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008-08-08 09:15:56 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- E:\PowerDVD\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running])
DRV - [2008-07-04 10:22:36 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-09-05 13:48:24 | 12,212,864 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys -- (SNP2STD [On_Demand | Stopped])
DRV - [2006-09-24 14:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006-07-05 13:46:06 | 00,063,352 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a [Boot | Running])
DRV - [2006-06-14 15:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2006-06-14 12:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys -- (EIO_XP [System | Running])
DRV - [2006-05-05 18:21:00 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\System32\drivers\nvport.sys -- (nvport [System | Running])
DRV - [2006-04-13 01:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2006-04-13 01:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006-04-13 01:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2006-03-29 07:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2005-06-06 16:51:38 | 00,011,264 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])
DRV - [2005-01-07 16:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005-01-05 17:02:10 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2004-08-09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2004-08-09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2004-08-01 07:09:24 | 00,055,936 | ---- | M] (OrangeWare Corporation) -- C:\WINDOWS\System32\DRIVERS\ousb2hub.sys -- (ousb2hub [On_Demand | Stopped])
DRV - [2004-08-01 07:09:24 | 00,044,928 | ---- | M] (OrangeWare Corporation) -- C:\WINDOWS\System32\Drivers\ousbehci.sys -- (ousbehci [Auto | Stopped])
DRV - [2004-07-19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
DRV - [2004-07-17 10:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003-12-01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2003-07-17 16:40:06 | 00,265,728 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2003-07-17 13:02:08 | 00,017,097 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PONDIS5.SYS -- (PONDIS5 [On_Demand | Stopped])
DRV - [2002-09-28 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002-09-28 23:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2002-07-17 07:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2001-08-17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
DRV - [2001-08-17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
DRV - [2001-08-17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
DRV - [2001-08-17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [1999-12-17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [1996-04-03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
========== Modules (SafeList) ==========
MOD - [2009-10-27 15:02:57 | 00,521,728 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
MOD - [2006-08-25 16:51:13 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005-05-24 16:46:33 | 00,032,768 | ---- | M] () -- E:\Gadu-Gadu\ggwhook.dll
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/...er=6&ar=msnhome
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2009-06-06 22:10:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-01 22:46:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-11 13:21:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-23 01:10:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-01 00:26:00 | 00,000,000 | ---D | M]
[2009-03-11 03:10:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Extensions
[2009-03-11 03:10:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-27 14:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions
[2009-10-24 23:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009-09-22 20:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009-04-03 17:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009-05-04 15:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009-05-04 14:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\mozilla\Firefox\Profiles\o2mx4anj.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009-10-27 14:40:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-09-10 19:14:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-01 22:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-09-05 18:46:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-09-10 19:14:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-10 19:14:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-11-11 08:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009-07-25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-09-10 19:14:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-02-27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-09-10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-01-23 13:09:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008-09-10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-09-05 18:43:39 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009-09-05 18:43:39 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-09-05 18:43:39 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-09-05 18:43:39 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-09-05 18:43:39 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-09-05 18:43:39 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-09-05 18:43:39 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll (BitComet)
O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RisTray] E:\Rising\Ris\RsTray.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Gadu-Gadu] E:\Gadu-Gadu\gg.exe (Gadu-Gadu Sp. z oo)
O4 - HKCU..\Run: [Skype] E:\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O8 - Extra context menu item: &D&ownload &with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - E:\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - E:\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w Free Download Manager - E:\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - E:\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - E:\Free Download Manager\dlselected.htm ()
O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll (BitComet)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll (Techland)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macrome...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop Components:1 (Aqua Real) - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-11 02:19:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:17 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-03-11 02:19:59 | 00,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-25 19:44:18 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e44a8339-10cb-11de-9e01-0001e345c536}\Shell\AutoRun\command - "" = N:\eexyv.exe -- File not found
O33 - MountPoints2\{e44a8339-10cb-11de-9e01-0001e345c536}\Shell\open\Command - "" = N:\eexyv.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\WINDOWS\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 30 Days ==========
[2009-10-27 03:01:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2009-10-27 15:37:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-10-01 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\salvation
[2009-10-19 13:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Ace
[2009-10-14 13:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\FUEL
[2009-10-03 18:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Leadertech
[2009-10-27 15:38:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Malwarebytes
[2009-10-21 19:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Nowe Gadu-Gadu
[2009-10-25 00:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\TMNT
[2009-10-20 18:44:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\Ubisoft
[2009-10-24 20:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\CAPCOM
[2009-10-15 20:37:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\Deployment
[2009-10-05 15:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\FlatOut Ultimate Carnage
[2009-10-21 20:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GHOSTBUSTERS (tm)
[2009-10-07 17:53:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\NFS Underground 2
[2009-10-01 22:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\salvation
[2009-10-14 15:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\VirtuaTennis2009
[2009-10-21 20:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009-10-14 13:23:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009-10-01 00:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-09-30 23:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-27 15:37:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-10-27 15:37:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-10-25 19:44:17 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009-10-23 06:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009-10-21 20:29:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\GHOSTBUSTERS (tm)
[2009-10-19 13:24:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\WALL-E
[2009-10-15 17:47:38 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-10-15 17:47:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009-10-14 15:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\VirtuaTennis2009
[2009-10-06 19:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\Eidos
[2009-10-05 15:47:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009-10-05 05:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\FIFA 10
[2009-10-01 00:40:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft
[2009-10-01 00:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\GrZeSiO\Moje dokumenty\CAPCOM
[2009-10-01 00:03:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2009-10-01 00:00:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-10-01 00:00:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009-09-30 23:59:21 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009-06-06 19:01:35 | 00,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.sys
[2009-03-12 13:19:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.sys
[2009-03-12 12:51:23 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2009-03-12 12:51:23 | 00,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
========== Files - Modified Within 30 Days ==========
[2009-10-28 14:55:54 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-10-28 14:55:43 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009-10-28 14:55:33 | 00,230,158 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-10-28 14:55:32 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-28 14:55:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-28 14:55:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-28 14:18:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-27 15:12:30 | 00,000,130 | ---- | M] () -- C:\WINDOWS\System32\BsMain.ini
[2009-10-27 15:12:28 | 00,000,288 | ---- | M] () -- C:\WINDOWS\Ris.inf
[2009-10-27 02:46:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-26 23:31:14 | 00,001,042 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-26 23:31:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-26 23:31:14 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009-10-26 02:44:49 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-10-23 05:57:08 | 00,000,053 | ---- | M] () -- C:\WINDOWS\DelToolbox.bat
[2009-10-23 04:35:11 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-10-23 04:35:11 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-10-21 20:25:03 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-21 19:19:27 | 00,000,449 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\15.Gadu-Gadu.lnk
[2009-10-21 01:17:56 | 01,579,910 | -H-- | M] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-15 23:14:31 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009-10-11 13:57:03 | 00,029,216 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-10-11 13:33:51 | 00,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-11 13:19:23 | 01,071,212 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-11 13:19:23 | 00,500,302 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-11 13:19:23 | 00,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-11 13:19:23 | 00,088,838 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-11 13:19:23 | 00,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-04 00:16:22 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\25.SMS.lnk
[2009-10-04 00:15:13 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\16.AMCap.lnk
[2009-10-04 00:03:52 | 00,000,436 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\6.Teledyski.lnk
[2009-10-03 18:29:47 | 00,000,425 | ---- | M] () -- C:\Documents and Settings\GrZeSiO\Pulpit\7.Muzyka.lnk
[2009-10-03 18:11:52 | 00,000,120 | ---- | M] () -- C:\WINDOWS\disney.ini
========== Files - No Company Name ==========
[2009-10-23 05:57:08 | 00,000,053 | ---- | C] () -- C:\WINDOWS\DelToolbox.bat
[2009-10-21 19:19:27 | 00,000,449 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Pulpit\15.Gadu-Gadu.lnk
[2009-10-17 17:17:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2009-10-03 17:44:55 | 00,000,120 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-09-25 23:44:48 | 00,000,147 | ---- | C] () -- C:\WINDOWS\wa.INI
[2009-08-30 13:56:46 | 00,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009-08-26 01:05:12 | 00,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2009-08-26 01:05:12 | 00,124,931 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2009-08-26 01:05:10 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2009-08-26 01:05:07 | 00,730,121 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2009-08-26 01:05:07 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2009-08-26 01:05:07 | 00,003,020 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
[2009-08-15 11:56:36 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-08-05 15:14:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009-07-16 12:51:40 | 00,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2009-07-14 22:41:55 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\wpcap.dll
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\packet.dll
[2009-06-22 11:17:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\npf.sys
[2009-06-20 21:00:56 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2009-06-12 21:29:42 | 00,000,031 | ---- | C] () -- C:\WINDOWS\rav.ini
[2009-06-12 21:26:29 | 00,000,130 | ---- | C] () -- C:\WINDOWS\System32\BsMain.ini
[2009-06-12 21:24:57 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Ris.ini
[2009-06-06 19:01:38 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.log
[2009-06-06 19:01:35 | 00,007,861 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.cat
[2009-06-06 19:01:35 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.inf
[2009-06-06 19:01:35 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezplay.ini
[2009-06-06 19:01:27 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\inst.exe
[2009-05-14 19:18:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-14 19:18:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-05-14 19:18:15 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-05-14 19:18:14 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-14 19:18:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-14 18:42:39 | 00,000,036 | ---- | C] () -- C:\WINDOWS\plugSpk.INI
[2009-05-13 19:31:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\.googlewebacchosts
[2009-05-08 12:44:14 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-05-08 12:44:14 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-05-08 12:44:13 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-05-03 13:06:16 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-05-03 13:06:15 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-04-30 23:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-04-30 23:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-04-30 23:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-04-30 23:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-04-21 23:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-04-16 23:46:43 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\apache.dll
[2009-04-06 01:06:59 | 00,002,678 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2009-03-12 17:40:36 | 00,000,294 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-03-12 13:19:59 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.log
[2009-03-12 13:19:58 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\ezpinst.exe
[2009-03-12 13:19:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.cat
[2009-03-12 13:19:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\pcouffin.inf
[2009-03-12 12:51:27 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009-03-12 12:51:26 | 12,212,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009-03-12 12:51:26 | 00,025,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2009-03-12 12:29:39 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-03-11 19:03:38 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-03-11 17:36:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-11 17:36:29 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-03-11 16:14:27 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-11 03:05:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009-03-11 02:48:22 | 00,029,216 | ---- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-03-11 02:30:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-11 02:25:39 | 01,579,910 | -H-- | C] () -- C:\Documents and Settings\GrZeSiO\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-03-11 02:23:25 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\GrZeSiO\Dane aplikacji\desktop.ini
[2009-03-11 02:13:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-10-07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-04-26 03:05:50 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002-10-27 10:49:26 | 00,108,908 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2002-09-28 23:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-09-28 23:00:00 | 00,001,042 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-09-28 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 03:00:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997-03-31 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997-03-31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996-04-03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes C:\Documents and Settings\All Users\Dane aplikacji\Temp:466F9D5D
@Alternate Data Stream - 133 bytes C:\Documents and Settings\All Users\Dane aplikacji\Temp:9482CFB4
@Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\Temp:4F96D8E6
@Alternate Data Stream - 112 bytes C:\Documents and Settings\All Users\Dane aplikacji\Temp:0F8F5844
@Alternate Data Stream - 105 bytes C:\Documents and Settings\All Users\Dane aplikacji\Temp:A9662AE0
< End of report >
Niestety nie wiem co mam wysłać w GMER bo dużo jest tego i co dokładnie sprawdzić ...
a log po naprawie, w HijackThis wygłada tak
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:07, on 2009-10-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Ris\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
E:\Rising\Ris\RavTask.exe
E:\Rising\Ris\RavMonD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Rising\Ris\RsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
E:\Free Download Manager\fdm.exe
E:\Gadu-Gadu\gg.exe
E:\Rising\Ris\rsnetsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
E:\Rising\Ris\ScanFrm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [RisTray] "E:\Rising\Ris\RsTray.exe" -system
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Usługa Google Update (gupdate1c9a28360ef97e0) (gupdate1c9a28360ef97e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ris Process Communication Center (RisCCenter) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\CCENTER.EXE
O23 - Service: Rising RisTask Manager (RisTask) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - E:\Rising\Ris\ScanFrm.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 8306 bytes
Więc tak usunąłem to co napisaliście i ... system jakby szybciej wystartował , więc może po to te wpisy były by usunąc je
To były właśnie zbędniki, które startowały z systemem i dlatego się teraz szybciej uruchomił.
Niestety nie wiem co mam wysłać w GMER bo dużo jest tego i co dokładnie sprawdzić ...
GMER zakładka Rootkit/Malware nic nie zmieniasz i klikasz Szukaj po zakończeniu klikasz Kopiuj i wklejasz zawartość na forum.
W OTL wklej:
:OTL
PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
O4 - HKLM..\Run: [] File not found
:Files
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[start explorer]
[Reboot]
Klikasz Run Fix. Dajesz log z usuwania
log z GMER ... mam nadzieje ze dobrze to zrobiłem ... i jak to w ogóle wygląda jest czysto
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 17:47:30
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\GrZeSiO\USTAWI~1\Temp\kwxiyfod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwAssignProcessToJobObject [0xB834C073]
SSDT \??\E:\Rising\Ris\rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.) ZwConnectPort [0xB2924C40]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateKey [0xB834C15A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateMutant [0xB834C0F7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcess [0xB834BE00]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcessEx [0xB834BE21]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateThread [0xB834BEA5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDebugActiveProcess [0xB834BFEF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteKey [0xB834C1BD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteValueKey [0xB834C19C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeviceIoControlFile [0xB834C094]
SSDT spig.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spig.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLoadDriver [0xB834BE63]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLockVirtualMemory [0xB834BFAD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKey [0xB834C241]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenProcess [0xB834C139]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenSection [0xB834BEC6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwProtectVirtualMemory [0xB834BF8C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0xB834C0D6]
SSDT spig.sys ZwQueryKey [0xB7EC610A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryValueKey [0xB834C052]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueueApcThread [0xB834BF6B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRenameKey [0xB834C1DE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRequestWaitReplyPort [0xB834C031]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRestoreKey [0xB834C220]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetContextThread [0xB834BF29]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSecurityObject [0xB834C1FF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemInformation [0xB834BFCE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemTime [0xB834C0B5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetValueKey [0xB834C17B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendProcess [0xB834BF4A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendThread [0xB834BF08]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSystemDebugControl [0xB834C010]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateProcess [0xB834BE42]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateThread [0xB834BEE7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwUnmapViewOfSection [0xB834C118]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwWriteVirtualMemory [0xB834BE84]
INT 0x62 ? 8B149BF8
INT 0x63 ? 8AF06BF8
INT 0x73 ? 8B149BF8
INT 0x73 ? 8B149BF8
INT 0x73 ? 8AF06BF8
INT 0x73 ? 8B149BF8
INT 0x82 ? 8B149BF8
INT 0x83 ? 8AF06BF8
INT 0xB4 ? 8AF06BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503D54 12 Bytes [4A, BF, 34, B8, 08, BF, 34, ...] {DEC EDX; MOV EDI, 0xbf08b834; XOR AL, 0xb8; ADC AL, AL; XOR AL, 0xb8}
? spig.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload B722E62C 5 Bytes JMP 8AF061D8
.text ad05lpge.SYS B7157386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ad05lpge.SYS B71573AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ad05lpge.SYS B71573C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ad05lpge.SYS B71573C9 1 Byte [2E]
.text ad05lpge.SYS B71573C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spig.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spig.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spig.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spig.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spig.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spig.sys
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\ad05lpge.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Ntfs \Ntfs 8B1481F8
Device \FileSystem\Udfs \UdfsCdRom 89FCC500
Device \FileSystem\Udfs \UdfsDisk 89FCC500
Device \Driver\Tcpip \Device\Ip HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E3EB6E0-F0DB-45A7-90F9-A8A8C1B1A2E7} 8A7CF500
Device \Driver\usbuhci \Device\USBPDO-0 8AF041F8
Device \Driver\usbuhci \Device\USBPDO-1 8AF041F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B0DA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B0DA1F8
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBPDO-2 8AF041F8
Device \Driver\usbuhci \Device\USBPDO-3 8AF041F8
Device \Driver\usbehci \Device\USBPDO-4 8AEC61F8
Device \Driver\Tcpip \Device\Tcp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\prodrv06 \Device\ProDrv06 E2140008
Device \Driver\sptd \Device\1043464196 spig.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B14A1F8
Device \Driver\Cdrom \Device\CdRom0 8AE9A500
Device \FileSystem\Rdbss \Device\FsWrap HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Cdrom \Device\CdRom1 8AE9A500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B14A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8B1491F8
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8B1491F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8B14A1F8
Device \Driver\prohlp02 \Device\ProHlp02 E1A73F08
Device \Driver\Ftdisk \Device\HarddiskVolume7 8B14A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7CF500
Device \Driver\Ftdisk \Device\HarddiskVolume8 8B14A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume9 8B14A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A7CF500
Device \Driver\Tcpip \Device\Udp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\Tcpip \Device\RawIp HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp rfwtdi.sys (rfwtdi5.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\PCI_PNP2946 \Device\0000005f spig.sys
Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBFDO-0 8AF041F8
Device \Driver\usbuhci \Device\USBFDO-1 8AF041F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A664500
Device \Driver\Tcpip \Device\IPMULTICAST HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\usbuhci \Device\USBFDO-2 8AF041F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A664500
Device \Driver\usbuhci \Device\USBFDO-3 8AF041F8
Device \Driver\usbehci \Device\USBFDO-4 8AEC61F8
Device \Driver\Ftdisk \Device\FtControl 8B14A1F8
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \Driver\ad05lpge \Device\Scsi\ad05lpge1Port4Path0Target0Lun0 8AE7E1F8
Device \Driver\ad05lpge \Device\Scsi\ad05lpge1 8AE7E1F8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Cdfs \Cdfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Cdfs \Cdfs 8AEA4468
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x55 0x96 0x9C 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x22 0x4B 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0x22 0x4B 0x11 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x95 0x0B 0xCE 0x65 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEA 0x51 0x8E 0xBE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE8 0x5A 0xA8 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x74 0x5C 0x0E 0x63 ...
---- EOF - GMER 1.0.15 ----
GMER czysty, ale daj jeszcze ten log z usuwania OTL
