- Kod: Zaznacz wszystko
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marcin at 2010-01-08 21:05:18
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 1535 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:40, on 2010-01-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager .exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\WinCE3.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\RSIT.exe
C:\Documents and Settings\Marcin\Pulpit\tmp\Marcin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [UberIcon] "c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager .exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinCE3.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dane aplikacji\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\EXPRES~2\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{175D818A-1397-4B80-8551-57FB83BC22D0}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{175D818A-1397-4B80-8551-57FB83BC22D0}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 10175 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}]
SHOUTcast Loader - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-04 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-14 42088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-08-27 218160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{00000000-5736-4205-0008-781cd0e19f00} - Steganos Internet Anonym - c:\program files\steganos internet anonym pro 7\siapro7iep.dll [2005-07-20 450560]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2010-01-08 11391592]
"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe [2009-06-04 869888]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=c:\program files\daemon tools lite\daemon.exe [2010-01-08 11391592]
"nodenable"=C:\Program Files\eset\nodenable.exe [2010-01-08 11391592]
"UberIcon"=c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager .exe [2006-05-21 180224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-12-16 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2003-06-09 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2010-01-08 11391592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2005-03-31 1106944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-02-04 294912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
C:\Program Files\ipla\ipla.exe [2009-12-12 14100376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\itunes\iTunesHelper.exe [2009-07-13 292128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe [2004-02-13 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2007-04-19 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Nokia PC Suite 6\LaunchApplication.exe [2005-03-22 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
D:\Nokia PC Suite 6\PcSync2.exe [2005-04-20 847872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prec]
D:\Prec\PrecStarter.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIAPRO7]
C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe [2005-07-20 274432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-04 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2009-04-29 1053576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-02-25 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-13 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^Microsoft Office Groove.lnk]
C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE [2007-08-28 340856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
AirLive 802.11G Wireless Utility.lnk - C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
WinCE3.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoWindowsUpdate"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoLowDiscSpaceChecks"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\nfs\NFSC.exe"="D:\nfs\NFSC.exe:*:Enabled:NFSC"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\totalcmd\TOTALCMD.EXE"="D:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\BitComet\BitComet.exe"="D:\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"D:\Counter-Strike 1.6\hl.exe"="D:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Counter-Strike 1.6\hlds.exe"="D:\Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Documents and Settings\Marcin\Pulpit\CabalTemp\ESTSetupLoader.exe"="C:\Documents and Settings\Marcin\Pulpit\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\hipcio\aplikacja\gift\giftl.exe"="C:\hipcio\aplikacja\gift\giftl.exe:*:Enabled:Darmowe pobieranie plików z sieci"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
"D:\itunes\iTunes.exe"="D:\itunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Disabled:rlvknlg.exe"
"D:\SopCast\adv\SopAdver.exe"="D:\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"D:\SopCast\SopCast.exe"="D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"
"D:\ned for speed underground\Speed.exe"="D:\ned for speed underground\Speed.exe:*:Disabled:Speed"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\FOX\Aliens vs. Predator 2\lithtech.exe"="D:\Program Files\FOX\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\xglslrx.exe"="C:\WINDOWS\system32\xglslrx.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\xglslrx .exe"="C:\WINDOWS\system32\xglslrx .exe:*:Enabled:ENABLE"
"c:\program files\skype\phone\skype .exe"="c:\program files\skype\phone\skype .exe:*:Enabled:skype "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-08 21:05:18 ----DC---- C:\rsit
2010-01-05 15:42:12 ----A---- C:\Program Files\RUNDLL32.EXE274520609.dat
2010-01-01 16:47:09 ----D---- C:\Program Files\RocketDock
2010-01-01 16:33:13 ----A---- C:\WINDOWS\system32\soundman.exe.delme98
2010-01-01 16:29:47 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2010-01-01 16:23:18 ----A---- C:\WINDOWS\BricoPackUninst.txt
2010-01-01 16:23:18 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2010-01-01 16:22:52 ----D---- C:\WINDOWS\BricoPacks
2010-01-01 12:33:56 ----A---- C:\WINDOWS\system32\xglslrx.exe.delme99
2009-12-16 21:59:43 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\Free Monitor for Google
2009-12-16 21:59:32 ----D---- C:\Program Files\Free Monitor for Google
2009-12-14 03:01:38 ----SHDC---- C:\Config.Msi
2009-12-13 08:51:28 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-13 08:51:28 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-13 08:51:28 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-12 19:11:34 ----D---- C:\Program Files\PlayReady
2009-12-10 11:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-10 03:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 03:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 03:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
======List of files/folders modified in the last 1 months======
2010-01-08 21:02:28 ----D---- C:\Program Files\Mozilla Firefox
2010-01-08 20:58:31 ----AD---- C:\WINDOWS\temp
2010-01-08 20:57:56 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\Hamachi
2010-01-08 20:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-08 20:43:05 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-08 18:58:00 ----D---- C:\WINDOWS\Prefetch
2010-01-08 16:59:07 ----D---- C:\WINDOWS\system32
2010-01-08 16:55:24 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\Skype
2010-01-08 16:47:57 ----D---- C:\Program Files\DAEMON Tools Lite
2010-01-08 16:47:48 ----D---- C:\Program Files\Nowe Gadu-Gadu
2010-01-08 16:46:48 ----D---- C:\Program Files\ESET
2010-01-08 16:46:34 ----D---- C:\WINDOWS
2010-01-08 16:44:46 ----D---- C:\Program Files\Messenger
2010-01-08 16:44:08 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\skypePM
2010-01-08 16:42:17 ----D---- C:\Program Files
2010-01-06 18:57:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 18:38:16 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2010-01-04 15:31:38 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 11:02:12 ----D---- C:\Program Files\ALLPlayer
2010-01-03 10:52:39 ----D---- C:\Program Files\NAPI-PROJEKT
2010-01-02 11:31:12 ----A---- C:\WINDOWS\updreg.exe.delme96
2010-01-01 16:33:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-01 16:33:01 ----SD---- C:\WINDOWS\Tasks
2010-01-01 16:32:10 ----RSD---- C:\WINDOWS\Fonts
2010-01-01 16:32:10 ----D---- C:\WINDOWS\system32\usmt
2010-01-01 16:32:10 ----D---- C:\Program Files\Outlook Express
2010-01-01 16:32:10 ----D---- C:\Program Files\Movie Maker
2010-01-01 16:32:10 ----D---- C:\Program Files\Internet Explorer
2010-01-01 16:29:46 ----A---- C:\WINDOWS\system32\uxtheme.dll
2010-01-01 16:27:22 ----D---- C:\WINDOWS\Cursors
2010-01-01 16:26:51 ----D---- C:\WINDOWS\Media
2010-01-01 14:33:13 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\ArcaMicroScan
2010-01-01 12:54:04 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-01 03:02:20 ----SHD---- C:\WINDOWS\Installer
2009-12-21 16:58:43 ----D---- C:\WINDOWS\Minidump
2009-12-19 15:59:40 ----A---- C:\WINDOWS\wincmd.ini
2009-12-19 12:47:24 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-17 20:43:54 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\Adobe
2009-12-14 03:15:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-14 03:12:49 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-12-14 03:07:25 ----RSD---- C:\WINDOWS\assembly
2009-12-13 08:51:28 ----HD---- C:\WINDOWS\inf
2009-12-12 19:11:39 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2009-12-12 19:11:34 ----SDC---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2009-12-12 19:08:42 ----D---- C:\Documents and Settings\Marcin\Dane aplikacji\ipla
2009-12-12 19:08:35 ----D---- C:\Program Files\ipla
2009-12-12 12:40:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 03:22:45 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 03:10:02 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-03-23 21419]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-07-15 3640000]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-06-09 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-06-09 494384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-06-09 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-06-09 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-06-09 116416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-06-09 819984]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-07 25280]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\System32\DRIVERS\HssDrv.sys [2009-09-15 37376]
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-06-09 113840]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-17 5888]
R3 RT61;AirLive WT-2000PCI; C:\WINDOWS\System32\DRIVERS\RT61.sys [2007-07-27 483968]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-09-15 32768]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\System32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 avde3h3d;avde3h3d; C:\WINDOWS\system32\drivers\avde3h3d.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\D:\MediaCoder iPod Edition\SysInfo.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Port gier dla karty Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-06-09 135696]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mdxgthkn;mdxgthkn; \??\C:\DOCUME~1\Marcin\USTAWI~1\Temp\mdxgthkn.sys []
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-02-15 6300]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-02-15 9021]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-02-17 140619]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Sterownik filtru Przywracania systemu; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-09-15 204848]
R2 HssSrv;Hotspot Shield Helper Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-09-15 331824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-04 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-14 311296]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-04-19 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-13 66872]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Usuga stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HssTrayService;Hotspot Shield Tray Service; D:\Hotspot Shield\bin\HssTrayService.EXE []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-11-17 3596060]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Dodano Dzisiaj, 21:11:
i log z hijacka
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:11:01, on 2010-01-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager .exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\WinCE3.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [UberIcon] "c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager .exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -firstboot (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinCE3.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dane aplikacji\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\EXPRES~2\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{175D818A-1397-4B80-8551-57FB83BC22D0}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{175D818A-1397-4B80-8551-57FB83BC22D0}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 10522 bytes
