After finding a rootkit

After finding a rootkit

Post by lemur, 13 Aug 2009, 15:39

Hi, I found a rootkit in a file on my computer, which has been deleted. Even so, I don't know whether it activated itself somewhere, or whether it hid some malicious things. I'm posting a HijackThis log. Please check it.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:38, on 2009-08-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\RivaTuner v2.24\RivaTuner.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\Lemur\USTAWI~1\Temp\tempalbert\MSASCul.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ARC] "C:\DOCUME~1\Lemur\USTAWI~1\Temp\tempalbert\MSASCul.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Valvesoftware\The Orange Box\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E500BE6-4903-48CF-BF0B-F8CF12EEE8C4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

After finding a rootkit

Post by wojtas, 13 Aug 2009, 18:43

Download OTL and post a log from it.

After finding a rootkit

Post by lemur, 13 Aug 2009, 20:34

Code:
OTL logfile created on: 2009-08-13 20:30:38 - Run 2
OTL by OldTimer - Version 3.0.10.6     Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,84 Gb Free Space | 19,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 278,09 Gb Total Space | 99,81 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: F745BBE431374FF
Current User Name: Lemur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-06-10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-07-08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2008-10-09 14:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-06-23 13:23:11 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007-02-14 13:09:06 | 00,056,344 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe
PRC - [2003-10-16 19:07:10 | 00,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe
PRC - [2004-01-26 12:38:38 | 00,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
PRC - [2003-10-16 19:07:12 | 00,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2007-01-18 14:20:26 | 00,190,008 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
PRC - [2005-11-04 18:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2009-02-05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-02-11 22:23:28 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007-10-10 07:28:32 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-06-23 13:23:12 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-02-25 19:55:00 | 02,781,184 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner.exe
PRC - [2006-07-13 14:11:42 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006-05-24 06:20:41 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006-05-24 06:20:44 | 00,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFIHLP.EXE
PRC - [2006-01-09 04:43:42 | 00,053,340 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2008-09-05 09:03:56 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2009-05-25 15:02:39 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005-07-08 16:25:10 | 01,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006-10-27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-10-09 14:25:34 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009-04-26 14:50:00 | 00,079,393 | ---- | M] () -- C:\Documents and Settings\Lemur\Ustawienia lokalne\Temp\tempalbert\MSASCul.exe
PRC - [2006-05-24 06:05:45 | 00,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFISPI.EXE
PRC - [2007-09-06 15:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
PRC - [2006-12-03 01:14:03 | 00,310,784 | ---- | M] (http://autoconnect.prv.pl) -- C:\Program Files\AutoConnect\AutoConnect.exe
PRC - [2006-11-24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2009-05-25 15:02:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-12-19 11:58:24 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2009-07-27 01:32:25 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2009-08-10 12:08:16 | 00,189,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2007-03-23 01:57:28 | 00,035,840 | ---- | M] () -- C:\Program Files\Advanced Registry Doctor\RegManServ.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2001-10-26 19:30:04 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007-02-14 13:09:06 | 01,313,816 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2009-07-24 03:57:02 | 03,191,696 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2009-08-09 14:51:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-13 20:24:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2007-02-14 13:09:06 | 00,056,344 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService [Auto | Running])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008-12-22 11:18:14 | 00,410,976 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS [On_Demand | Stopped])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005-07-08 17:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009-05-25 15:02:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009-06-23 13:23:11 | 01,003,344 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-06-10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-07-27 01:32:25 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009-08-10 12:08:16 | 00,189,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007-03-23 01:57:28 | 00,035,840 | ---- | M] () -- C:\Program Files\Advanced Registry Doctor\RegManServ.exe -- (RegManServ [Auto | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2008-10-09 14:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-05 23:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2003-12-08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
DRV - [2003-12-08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009-02-21 19:32:04 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-03-27 01:16:28 | 00,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132 [On_Demand | Stopped])
DRV - [2006-05-24 05:48:02 | 00,158,720 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT [On_Demand | Stopped])
DRV - [2006-05-24 05:37:44 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2006-05-24 05:41:04 | 00,499,584 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2005-11-10 11:06:04 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2006-05-24 05:47:44 | 01,170,432 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.dll -- (CTEXFIFX [On_Demand | Stopped])
DRV - [2006-05-24 05:48:07 | 00,061,952 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT [On_Demand | Stopped])
DRV - [2006-05-24 05:41:07 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2006-05-24 05:38:08 | 00,143,872 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2007-08-02 18:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
DRV - [2006-05-24 05:38:01 | 00,078,336 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [1996-04-03 21:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2006-05-24 05:40:21 | 01,110,016 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
DRV - [2009-04-09 22:41:22 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2005-07-08 17:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005-07-08 17:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2005-07-08 16:17:32 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2006-02-07 13:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO [Boot | Running])
DRV - [2007-03-24 05:20:24 | 00,046,208 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2009-04-27 20:24:33 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009-02-21 19:32:04 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2004-08-13 12:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009-06-10 18:33:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006-05-24 05:38:30 | 00,116,224 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2009-08-10 12:08:31 | 00,137,928 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-09-19 23:57:32 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009-02-25 19:55:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006-09-24 15:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2009-02-12 18:43:53 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008-04-21 07:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2008-10-09 14:25:36 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008-07-26 22:30:30 | 00,014,416 | ---- | M] (OpenLibSys.org) -- C:\Documents and Settings\Lemur\Pulpit\real temp\WinRing0.sys -- (WinRing0_1_2_0 [On_Demand | Stopped])
DRV - [2006-07-26 09:56:00 | 00,248,832 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\S-1-5-21-1343024091-2000478354-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.08
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-25 15:02:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-09 14:51:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-09 14:51:15 | 00,000,000 | ---D | M]

[2009-02-11 21:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Extensions
[2009-02-11 21:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-08-13 16:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Firefox\Profiles\vpihycmo.default\extensions
[2009-05-28 10:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Firefox\Profiles\vpihycmo.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009-05-02 14:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Firefox\Profiles\vpihycmo.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009-07-26 15:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lemur\Dane aplikacji\mozilla\Firefox\Profiles\vpihycmo.default\extensions\NPDyyno@dyyno.com
[2009-08-13 16:14:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-09 14:51:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-25 15:02:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-08-09 14:51:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-09 14:51:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-05-01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008-11-11 09:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009-05-25 15:02:39 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-05-12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009-05-19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008-06-27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-08-09 14:51:12 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007-05-10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-02-11 22:23:33 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009-04-19 21:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009-02-11 22:23:38 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009-02-11 22:23:31 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-05-01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009-07-23 13:01:36 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (906 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ARC] C:\Documents and Settings\Lemur\Ustawienia lokalne\Temp\tempalbert\MSASCul.exe ()
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003..\Run: [Steam] E:\Program Files\Valvesoftware\The Orange Box\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2]  File not found
O4 - Startup: C:\Documents and Settings\Lemur\Menu Start\Programy\Autostart\AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (Memeo)
O4 - Startup: C:\Documents and Settings\Lemur\Menu Start\Programy\Autostart\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\S-1-5-21-1343024091-2000478354-682003330-1003\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-02-11 20:18:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9b1a6bfe-f869-11dd-9297-000e50a7eed7}\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-08-13 00:39:02 | 03,351,999 | ---- | C] (FDRLab, Inc.                                                ) -- C:\WINDOWS\temp.exe
[2009-07-31 14:16:02 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\Skrót do zdjęcia.lnk
[2009-07-30 11:36:10 | 00,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-07-28 23:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\Activision
[2009-07-28 20:12:13 | 00,000,608 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\Skrót do Wow.lnk
[2009-07-27 21:52:40 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\listen.pls
[2009-07-27 14:37:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\ZPS11
[2009-07-27 14:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Dane aplikacji\Zoner
[2009-07-27 14:35:47 | 00,000,000 | ---D | C] -- C:\Program Files\Zoner
[2009-07-26 22:09:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Ustawienia lokalne\Dane aplikacji\Activision
[2009-07-25 20:41:28 | 00,000,000 | ---D | C] -- C:\Logs
[2009-07-24 03:57:06 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-07-23 21:06:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009-07-23 17:46:48 | 00,000,962 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\Play AWP.lnk
[2009-07-23 16:39:30 | 00,000,088 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2009-07-23 16:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2009-07-23 16:38:46 | 00,000,000 | ---D | C] -- C:\Program Files\Counter-Strike
[2009-07-22 19:21:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009-07-22 19:21:47 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009-07-22 19:21:47 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009-07-22 19:21:47 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009-07-20 13:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Pulpit\Nowy folder
[2009-07-19 20:40:44 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009-07-19 20:40:44 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009-07-19 18:43:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\NFS ProStreet
[2009-07-19 15:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\CAPCOM
[2009-07-19 00:01:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2009-07-17 20:15:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\NFS Carbon
[2009-07-17 19:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Pulpit\NFS Carbon
[2009-07-16 14:52:13 | 00,184,083 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\Realwar.iwd
[2009-07-16 14:52:04 | 64,170,961 | ---- | C] () -- C:\Documents and Settings\Lemur\Pulpit\{CF}_KriegsPack.iwd
[2009-07-06 22:55:49 | 00,000,071 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2009-06-10 08:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-27 12:03:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-24 21:04:31 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-05-24 21:04:31 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-05-24 21:04:30 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-05-24 21:04:30 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-05-24 21:04:29 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-24 21:04:29 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-05-23 21:06:00 | 00,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2009-05-14 13:29:33 | 00,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009-05-14 13:29:33 | 00,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009-05-13 16:15:18 | 00,000,065 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009-05-13 15:08:19 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009-05-02 22:41:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-03-24 23:22:43 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-02-27 15:13:22 | 00,000,295 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-02-27 14:55:56 | 00,001,913 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-02-23 15:06:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI
[2009-02-21 19:32:04 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-02-21 19:32:04 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-02-14 20:58:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-02-12 18:43:53 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-02-12 11:10:46 | 00,137,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-02-12 10:45:16 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-02-11 20:37:45 | 00,018,090 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009-02-11 20:37:32 | 00,017,789 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-02-11 20:37:31 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-02-11 20:37:18 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-02-11 20:24:41 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2009-02-11 20:24:05 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008-10-28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008-10-07 23:41:40 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-05-24 07:00:48 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006-05-24 06:38:39 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005-07-26 23:13:12 | 00,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005-06-07 15:10:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2001-07-22 00:16:20 | 00,000,639 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-08-13 15:28:35 | 00,352,606 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009-08-13 15:28:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-13 15:27:56 | 00,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-08-13 15:27:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-13 15:27:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-13 01:03:39 | 00,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-08-13 01:03:39 | 00,053,948 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-08-13 01:03:39 | 00,053,948 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2009-08-13 01:03:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009-08-13 01:03:39 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009-08-13 01:03:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-08-13 00:54:10 | 01,117,158 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-13 00:54:10 | 00,500,826 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-13 00:54:10 | 00,441,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-13 00:54:10 | 00,089,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-13 00:54:10 | 00,071,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-13 00:39:02 | 03,351,999 | ---- | M] (FDRLab, Inc.                                                ) -- C:\WINDOWS\temp.exe
[2009-08-13 00:33:44 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Lemur\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-12 21:35:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-08-12 21:28:42 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-10 12:08:31 | 00,137,928 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-08-10 12:08:16 | 00,189,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009-08-10 12:08:16 | 00,189,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009-08-05 01:43:11 | 02,108,360 | -H-- | M] () -- C:\Documents and Settings\Lemur\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-07-31 14:16:02 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Lemur\Pulpit\Skrót do zdjęcia.lnk
[2009-07-30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-07-28 20:12:13 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Lemur\Pulpit\Skrót do Wow.lnk
[2009-07-28 00:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009-07-27 21:52:40 | 00,000,062 | ---- | M] () -- C:\Documents and Settings\Lemur\Pulpit\listen.pls
[2009-07-27 01:32:25 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009-07-26 22:00:46 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Lemur\Dane aplikacji\PnkBstrK.sys
[2009-07-26 21:59:50 | 00,682,280 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009-07-24 03:57:06 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-07-23 17:46:48 | 00,000,962 | ---- | M] () -- C:\Documents and Settings\Lemur\Pulpit\Play AWP.lnk
[2009-07-23 16:39:30 | 00,000,088 | ---- | M] () -- C:\WINDOWS\sierra.ini
[2009-07-19 20:40:44 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009-07-19 18:46:32 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009-07-19 18:46:32 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009-07-19 15:16:34 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-07-19 15:16:34 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009-07-17 21:04:02 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009-07-17 21:04:02 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll
[2009-07-15 23:46:36 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86
< End of report >




And here is the second part: http://wklej.org/hash/3141651210/
Intel core 2 duo E6750 2.6 @3,4GHz | GeForce Palit 8800GT 512MB OC | OCZ Reaper 2x 2GB | ASUS P5K-E | Samsung 320GB | Corsair HX750W.
lemur
~user

Posts: 310
Joined: 02 May 2007, 20:38
Location: Warszawa
Kudos: 7



After finding a rootkit

Post by wojtas, 14 Aug 2009, 15:27

Download Killbox.

Run Killbox, tick the Delete on Reboot option, then paste the following path into the Full Path of File to Delete field:
C:\WINDOWS\temp.exe

and press X.
The program will ask for a reboot (of course you agree).


1. Run OTL with the CleanUp option.
2. Perform the Windows optimization.
3. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment turn it back on.
4. Run a Malwarebytes Anti-Malware scan.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Kudos: 1656
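A small triage helper for OTL report lines, added here as an example and not part of the post or of the OTL tool: it walks lines in the format of the log above and flags the entries a helper looks at first (the autorun started from the user's Temp folder, the fresh temp.exe dropped in the Windows root that wojtas removes, the orphaned autoruns and the alternate data streams). The heuristics and the high/medium/low labels are this example's own assumptions; the sample lines are copied from the log in the thread, with two benign lines added for contrast.

```python
"""Triage helper for OTL report lines.

Added example: this is not code from the forum post or from the OTL tool.
The heuristics and the high/medium/low labels are this example's own
assumptions; the sample lines are copied from the log in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "[date time | size | attrs | C/M] (company) -- path"; the "(company)" part is
# absent on directory lines, so it is optional.
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "O4 - <hive>..\Run: [<name>] <target> (<company>)" or "... File not found"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


def _in_temp(path: str) -> bool:
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()

    m = RUN_LINE.match(line)
    if m:
        rest = m.group("rest")
        if "File not found" in rest:
            return Finding("low", "autorun whose target no longer exists (orphan entry)", line)
        if _in_temp(rest):
            return Finding("high", "autorun launching an executable from a Temp directory", line)
        if rest.endswith("()"):
            return Finding("low", "autorun with no publisher in the file's version info", line)
        return None

    m = ADS_LINE.match(line)
    if m:
        return Finding("medium", "alternate data stream attached to a file", line)

    m = FILE_LINE.match(line)
    if m and "D" not in m.group("attrs"):  # skip directory entries
        path = m.group("path")
        lower = path.lower()
        if not lower.endswith(EXEC_EXT):
            return None
        if _in_temp(path):
            return Finding("high", "executable created in a Temp directory", line)
        parent = lower.rsplit("\\", 1)[0]
        if parent == "c:\\windows" and m.group("kind") == "C":
            return Finding("medium", "recently created executable dropped directly in the Windows root", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole report, keeping only the flagged lines."""
    findings = [triage_line(line) for line in lines]
    return [f for f in findings if f is not None]


# Constructed sample: lines copied from the OTL log above, plus benign ones for contrast.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [ARC] C:\Documents and Settings\Lemur\Ustawienia lokalne\Temp\tempalbert\MSASCul.exe ()",
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)",
    r"O4 - HKLM..\Run: [KernelFaultCheck]  File not found",
    r"O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()",
    r"[2009-08-13 00:39:02 | 03,351,999 | ---- | C] (FDRLab, Inc.      ) -- C:\WINDOWS\temp.exe",
    r"[2009-07-28 23:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lemur\Moje dokumenty\Activision",
    r"@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

A flagged line is a starting point for checking the file (hash lookup, publisher, creation context), not a verdict on its own.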



