dragen

Użytkownik
  • Zawartość

    5
  • Rejestracja

  • Ostatnia wizyta

  1. Proszę o sprawdzenie loga.zmula komp

    [quote name='Tomek01' timestamp='1299624401' post='1217020'] Nie, wyglądało to na usługę rootkita, ale jak widać avenger go nie znalazł. Przeskanuj system za pomocą Mbam i DrWebCureIt. [/quote] Dzięki wielkie za pomoc!!! jedynie DrWeb znalazł 1 ingerencję w hosta, restart i czysto,Mbam ok
  2. Proszę o sprawdzenie loga.zmula komp

    [quote name='Tomek01' timestamp='1299611415' post='1216844'] Przeskanuj na virustotal poniższe pliki: C:\Windows\system32\drivers\hspawhnt.sys C:\Windows\system32\drivers\hspawh.sys C:\Windows\system32\drivers\hspabus.sys C:\Windows\system32\DRIVERS\connctfy.sys C:\Windows\system32\DRIVERS\connctfy.sys Pobierz [b][url="http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger"]Avenger[/url][/b] W polu ‘’ input script here’’ wklej taki tekst : [code]Files to delete: C:\Windows\system32\drivers\avlmritu.sys Drivers to delete: avlmritu [/code] Klikasz execute, komputer uruchamia się ponownie i generuje raport, który pokaż na forum. [/quote] W "driver" nic nie znalazło A ten sterownik [color="#595959"][font="monospace"][size="2"][color="#000000"]avlmritu[/color][color="#666600"].[/color][color="#000000"]sys to na 100% syf czy się domyślasz? bo w drivers go nie ma np..[/color][/size][/font][/color] [color="#595959"][font="monospace"][size="2"][color="#000000"]rozumiem że mam się nie bać to wywalić?? [/color][/size][/font][/color] [color="#595959"][font="monospace"][size="2"] [/size][/font][/color] [color="#595959"][font="monospace"][size="2"][color="#000000"]ok[/color][/size][/font][/color] [color="#595959"][font="monospace"][size="2"] [/size][/font][/color] [color="#595959"][font="monospace"][size="2"][color="#000000"][log][/color][/size][/font][/color][font="monospace"][size="2"]Logfile of The Avenger Version 2.0, (c) by Swandog46[/size][/font] [font="monospace"][size="2"]http://swandog46.geekstogo.com[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Platform: Windows Vista[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]*******************[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Script file opened successfully.[/size][/font] [font="monospace"][size="2"]Script file read successfully.[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Backups directory opened successfully at C:\Avenger[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]*******************[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Beginning to process script file:[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Rootkit scan active.[/size][/font] [font="monospace"][size="2"]No rootkits found![/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Error: file "C:\Windows\system32\drivers\avlmritu.sys" not found![/size][/font] [font="monospace"][size="2"]Deletion of file "C:\Windows\system32\drivers\avlmritu.sys" failed![/size][/font] [font="monospace"][size="2"]Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)[/size][/font] [font="monospace"][size="2"] --> the object does not exist[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avlmritu" not found![/size][/font] [font="monospace"][size="2"]Deletion of driver "avlmritu" failed![/size][/font] [font="monospace"][size="2"]Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)[/size][/font] [font="monospace"][size="2"] --> the object does not exist[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Completed script processing.[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]*******************[/size][/font] [font="monospace"][size="2"] [/size][/font] [font="monospace"][size="2"]Finished! Terminate.[/size][/font] [/log]
  3. Proszę o sprawdzenie loga.zmula komp

    logi [log]OTL Extras logfile created on: 2011-03-08 18:27:03 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Raff\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,04 Gb Total Space | 54,08 Gb Free Space | 76,12% Space Free | Partition Type: NTFS Drive D: | 72,00 Gb Total Space | 71,29 Gb Free Space | 99,02% Space Free | Partition Type: NTFS Computer Name: RAFF-KOMPUTER | User Name: Raff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{077E2E73-01E0-4F37-81AD-C93C6C2F0933}" = Connection Manager "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{176039B8-FFE2-4987-B28C-2FB635605EA2}" = Connection Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010 "{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010 "{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010 "{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010 "{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010 "{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010 "{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010 "{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010 "{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010 "{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010 "{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.2 - Polish "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "DAEMON Tools Lite" = DAEMON Tools Lite "DMX5_is1" = DriverMax 5 "foobar2000" = foobar2000 v0.9.6.9 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "ODIR_is1" = ODIR "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SAMSUNG HSPA Modem" = SAMSUNG HSPA Modem Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "The KMPlayer" = The KMPlayer (remove only) "TweakNow RegCleaner_is1" = TweakNow RegCleaner "uTorrent" = µTorrent "WinRAR archiver" = WinRAR archiver [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2438560076-718423898-1087716868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-03-05 20:46:57 | Computer Name = Raff-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\System32\systemcpl.dll". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-03-05 20:53:15 | Computer Name = Raff-Komputer | Source = VSS | ID = 8194 Description = Error - 2011-03-05 20:59:39 | Computer Name = Raff-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: ModemLauncher.exe, wersja: 1.6.9.101, sygnatura czasowa: 0x4ac4014f Nazwa modułu powodującego błąd: ModemLauncher.exe, wersja: 1.6.9.101, sygnatura czasowa: 0x4ac4014f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00016a19 Identyfikator procesu powodującego błąd: 0x4a8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbdb981e9f38bd Ścieżka aplikacji powodującej błąd: C:\Program Files\Connection Manager\ModemLauncher.exe Ścieżka modułu powodującego błąd: C:\Program Files\Connection Manager\ModemLauncher.exe Identyfikator raportu: 02dc508d-478d-11e0-a051-acccd98f0001 Error - 2011-03-05 21:05:33 | Computer Name = Raff-Komputer | Source = VSS | ID = 8194 Description = Error - 2011-03-05 21:16:41 | Computer Name = Raff-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\System32\systemcpl.dll". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-03-06 06:15:26 | Computer Name = Raff-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\innovative solutions\drivermax\DPInst\amd64\dpinst.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-03-06 06:15:26 | Computer Name = Raff-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\innovative solutions\drivermax\DPInst\ia64\dpinst.exe". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-03-06 20:04:04 | Computer Name = Raff-Komputer | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Windows\System32\systemcpl.dll". Nie można odnaleźć zestawu zależnego Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-03-08 05:39:52 | Computer Name = Raff-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: ModemLauncher.exe, wersja: 1.6.9.101, sygnatura czasowa: 0x4ac4014f Nazwa modułu powodującego błąd: ModemLauncher.exe, wersja: 1.6.9.101, sygnatura czasowa: 0x4ac4014f Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00016a19 Identyfikator procesu powodującego błąd: 0xde4 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbdd7415272ba3 Ścieżka aplikacji powodującej błąd: C:\Program Files\Connection Manager\ModemLauncher.exe Ścieżka modułu powodującego błąd: C:\Program Files\Connection Manager\ModemLauncher.exe Identyfikator raportu: 03ea7daa-4968-11e0-8d6b-8f96287f7403 Error - 2011-03-08 13:19:55 | Computer Name = Raff-Komputer | Source = Application Hang | ID = 1002 Description = Program OTL.exe w wersji 3.2.22.3 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1070 Godzina rozpoczęcia: 01cbddb3801695a9 Godzina zakończenia: 19 Ścieżka aplikacji: C:\Users\Raff\Downloads\OTL.exe Identyfikator raportu: [ System Events ] Error - 2011-03-08 05:35:34 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 05:38:13 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 05:40:45 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 34001 Description = Error - 2011-03-08 05:41:21 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 05:41:21 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 05:56:42 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 12:48:22 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 34001 Description = Error - 2011-03-08 12:49:49 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 12:49:49 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = Error - 2011-03-08 12:52:01 | Computer Name = Raff-Komputer | Source = ipnathlp | ID = 31004 Description = < End of report > [/log] [log]OTL logfile created on: 2011-03-08 18:27:03 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Raff\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 71,04 Gb Total Space | 54,08 Gb Free Space | 76,12% Space Free | Partition Type: NTFS Drive D: | 72,00 Gb Total Space | 71,29 Gb Free Space | 99,02% Space Free | Partition Type: NTFS Computer Name: RAFF-KOMPUTER | User Name: Raff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-03-08 18:08:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Raff\Downloads\OTL.exe PRC - [2011-02-24 14:32:20 | 010,025,576 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2011-02-18 09:22:03 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2011-01-20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-08-04 18:06:48 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-08-04 18:06:42 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-08-04 18:06:38 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-08-04 18:06:32 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe PRC - [2010-08-04 18:06:20 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-02-26 10:31:30 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2010-02-26 10:31:28 | 001,713,448 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2009-10-06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-01 10:09:38 | 000,241,664 | ---- | M] (Samsung Electronics.) -- C:\Program Files\Connection Manager\ModemLauncher.exe PRC - [2009-09-08 08:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009-08-23 13:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009-08-11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2009-07-14 02:14:46 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe PRC - [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 02:14:42 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe PRC - [2009-07-14 02:14:42 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009-07-14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2009-07-14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009-07-14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\alg.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-03-08 18:08:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Raff\Downloads\OTL.exe MOD - [2009-07-14 02:17:51 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 02:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-03-01 21:26:21 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP) SRV - [2009-08-11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-06-15 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-03-01 21:26:21 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011-02-26 13:36:01 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-11-23 16:10:46 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-11-24 22:55:58 | 000,110,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspaserd.sys -- (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM) DRV - [2009-11-24 22:55:52 | 000,124,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspamdm.sys -- (hspamdm) DRV - [2009-11-24 22:55:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspamdfl.sys -- (hspamdfl) DRV - [2009-11-24 22:55:38 | 000,104,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspabus.sys -- (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM) DRV - [2009-10-14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg) DRV - [2009-10-02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-09-14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009-09-01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-06-20 16:07:06 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2009-06-15 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2438560076-718423898-1087716868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011-03-01 20:10:06 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011-02-26 11:07:33 | 000,000,921 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKU\S-1-5-21-2438560076-718423898-1087716868-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2438560076-718423898-1087716868-1000..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions) O4 - HKU\S-1-5-21-2438560076-718423898-1087716868-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2149aa40-41a5-11e0-bcc7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2149aa40-41a5-11e0-bcc7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - C:\Users\Raff\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: [b]RtHDVCpl[/b] - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-03-08 11:04:14 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011-03-08 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-03-06 02:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connection Manager [2011-03-06 02:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Connection Manager [2011-03-06 01:39:41 | 000,104,576 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspabus.sys [2011-03-06 01:39:41 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspawhnt.sys [2011-03-06 01:39:41 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspawh.sys [2011-03-06 01:14:45 | 000,000,000 | ---D | C] -- C:\Users\Raff\Documents\My Drivers [2011-03-06 01:14:45 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Innovative Solutions [2011-03-06 01:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax [2011-03-06 01:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions [2011-03-06 01:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow RegCleaner [2011-03-06 01:01:02 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\TweakNow RegCleaner [2011-03-06 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner [2011-03-06 00:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011-03-05 20:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011-03-05 20:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011-03-05 20:21:18 | 000,238,464 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMC326.sys [2011-03-05 20:21:16 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2011-03-05 20:21:16 | 001,723,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2011-03-05 20:21:15 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2011-03-05 20:21:15 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2011-03-05 20:21:15 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2011-03-05 20:21:15 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2011-03-05 20:21:14 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll [2011-03-05 20:21:14 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll [2011-03-05 20:21:14 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll [2011-03-05 20:21:09 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2011-03-05 20:21:09 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2011-03-05 20:21:09 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2011-03-05 20:21:09 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2011-03-05 20:21:08 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2011-03-05 20:21:08 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2011-03-05 20:21:08 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2011-03-05 20:21:08 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2011-03-05 20:21:07 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2011-03-05 20:21:07 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2011-03-05 20:21:07 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2011-03-05 20:21:07 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2011-03-05 20:21:07 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2011-03-05 20:21:07 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2011-03-05 20:21:06 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2011-03-05 20:21:06 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2011-03-05 20:21:06 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2011-03-05 20:21:06 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2011-03-05 20:21:05 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2011-03-05 20:21:05 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2011-03-05 20:21:05 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2011-03-05 20:21:05 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2011-03-05 20:21:05 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2011-03-05 20:21:05 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2011-03-05 20:21:04 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2011-03-05 20:21:04 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2011-03-05 20:21:04 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2011-03-05 20:21:04 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2011-03-05 20:21:04 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2011-03-05 20:21:04 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2011-03-05 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\foobar2000 [2011-03-04 23:02:52 | 000,110,208 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspaserd.sys [2011-03-04 23:02:51 | 000,124,032 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspamdm.sys [2011-03-04 23:02:51 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspamdfl.sys [2011-03-04 23:02:51 | 000,012,544 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspacmnt.sys [2011-03-04 23:02:51 | 000,012,544 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\hspacm.sys [2011-03-04 21:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions [2011-03-03 13:56:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011-03-02 11:41:03 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\skypePM [2011-03-02 11:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011-03-02 11:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011-03-02 11:38:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011-03-02 11:38:05 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Skype [2011-03-02 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011-03-02 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Microsoft Games [2011-03-02 01:46:40 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Malwarebytes [2011-03-02 01:46:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011-03-02 01:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011-03-02 01:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011-03-02 01:46:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011-03-02 01:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-03-02 01:23:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-03-02 00:44:43 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu [2011-03-02 00:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2011-03-01 21:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000 [2011-03-01 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000 [2011-03-01 21:20:57 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screamer Radio [2011-03-01 21:20:55 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Screamer Radio [2011-03-01 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\Raff\Documents\The KMPlayer [2011-03-01 21:14:56 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer [2011-03-01 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer [2011-03-01 20:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011-03-01 20:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011-03-01 20:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010 [2011-03-01 20:08:57 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011-03-01 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011-03-01 17:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011-03-01 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011-03-01 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011-03-01 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Adobe [2011-02-27 23:23:28 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\ElevatedDiagnostics [2011-02-27 11:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ODIR [2011-02-27 11:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODIR [2011-02-27 11:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\ODIR [2011-02-26 19:45:51 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Diagnostics [2011-02-26 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Raff\Documents\Pliki programu Outlook [2011-02-26 17:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Novatel Wireless [2011-02-26 17:51:31 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Downloaded Installations [2011-02-26 16:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2011-02-26 16:14:29 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\uTorrent [2011-02-26 15:25:23 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Gadu-Gadu [2011-02-26 15:18:29 | 000,000,000 | ---D | C] -- C:\Users\Raff\Gadu-Gadu [2011-02-26 15:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu [2011-02-26 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS [2011-02-26 14:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF [2011-02-26 14:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software [2011-02-26 14:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011-02-26 14:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011-02-26 14:36:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011-02-26 14:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2011-02-26 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2011-02-26 14:32:24 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Microsoft Help [2011-02-26 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011-02-26 14:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011-02-26 14:31:55 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011-02-26 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011-02-26 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\DAEMON Tools Lite [2011-02-26 13:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011-02-26 12:16:38 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011-02-26 12:15:10 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Google [2011-02-26 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Deployment [2011-02-26 12:14:44 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Apps [2011-02-26 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Macromedia [2011-02-26 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Adobe [2011-02-26 11:56:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011-02-26 10:57:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Data [2011-02-26 10:32:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers [2011-02-26 10:28:17 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys [2011-02-26 10:28:17 | 001,249,792 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys [2011-02-26 10:28:17 | 000,000,000 | ---D | C] -- C:\Windows\Options [2011-02-26 10:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO [2011-02-26 10:28:16 | 000,400,544 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll [2011-02-26 10:28:16 | 000,064,672 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll [2011-02-26 10:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros [2011-02-26 10:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2011-02-26 10:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2011-02-26 10:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2011-02-26 10:19:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011-02-26 10:19:23 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll [2011-02-26 10:19:23 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll [2011-02-26 10:19:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2011-02-26 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011-02-26 09:54:12 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2011-02-26 09:49:57 | 000,345,600 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe [2011-02-26 09:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell [2011-02-26 09:33:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2011-02-26 09:32:38 | 000,000,000 | ---D | C] -- C:\Windows\CU [2011-02-26 09:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2011-02-26 09:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG [2011-02-26 09:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2011-02-26 09:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2011-02-26 09:17:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll [2011-02-26 09:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2011-02-26 09:17:29 | 000,000,000 | ---D | C] -- C:\Intel [2011-02-26 09:15:38 | 000,000,000 | ---D | C] -- C:\Windows\VMC326 [2011-02-26 09:15:32 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrlc326.ax [2011-02-26 09:15:32 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMC326.dll [2011-02-26 09:15:31 | 000,344,064 | ---- | C] (vimicro) -- C:\Windows\System32\VMC326.ax [2011-02-26 09:15:31 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax [2011-02-26 09:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation [2011-02-26 09:15:30 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2011-02-26 09:15:05 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\InstallShield [2011-02-26 09:14:38 | 000,000,000 | ---D | C] -- C:\Users\Raff\Documents\Folder wymiany interfejsu Bluetooth [2011-02-26 09:14:38 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Broadcom [2011-02-26 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM [2011-02-26 09:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2011-02-26 09:12:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011-02-26 09:11:29 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\WinRAR [2011-02-26 09:10:17 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-02-26 09:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011-02-26 09:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011-02-26 02:41:51 | 000,000,000 | R--D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011-02-26 02:41:51 | 000,000,000 | R--D | C] -- C:\Users\Raff\Searches [2011-02-26 02:41:51 | 000,000,000 | R--D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011-02-26 02:41:41 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Identities [2011-02-26 02:41:38 | 000,000,000 | R--D | C] -- C:\Users\Raff\Contacts [2011-02-26 02:41:24 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\VirtualStore [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Ustawienia lokalne [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\AppData\Local\Temporary Internet Files [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Szablony [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\SendTo [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Recent [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\PrintHood [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\NetHood [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Documents\Moje wideo [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Documents\Moje obrazy [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Moje dokumenty [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Documents\Moja muzyka [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Menu Start [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\AppData\Local\Historia [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Dane aplikacji [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\AppData\Local\Dane aplikacji [2011-02-26 02:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Raff\Cookies [2011-02-26 02:41:07 | 000,000,000 | --SD | C] -- C:\Users\Raff\AppData\Roaming\Microsoft [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Videos [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Saved Games [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Pictures [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Music [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Links [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Favorites [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Downloads [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Documents [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\Desktop [2011-02-26 02:41:07 | 000,000,000 | R--D | C] -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011-02-26 02:41:07 | 000,000,000 | -H-D | C] -- C:\Users\Raff\AppData [2011-02-26 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Temp [2011-02-26 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Local\Microsoft [2011-02-26 02:41:07 | 000,000,000 | ---D | C] -- C:\Users\Raff\AppData\Roaming\Media Center Programs [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\Recovery [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2011-02-26 02:40:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2011-02-26 01:54:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011-02-26 01:51:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011-02-26 01:51:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011-02-26 01:50:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011-02-26 01:50:09 | 000,000,000 | -HSD | C] -- C:\Boot [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-03-08 18:20:02 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000UA.job [2011-03-08 17:58:36 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-03-08 17:58:36 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-03-08 17:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-03-08 12:20:03 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000Core.job [2011-03-08 11:04:14 | 000,002,959 | ---- | M] () -- C:\Users\Raff\Desktop\HiJackThis.lnk [2011-03-08 10:33:32 | 000,691,176 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-03-08 10:33:32 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-03-08 10:33:32 | 000,132,638 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-03-08 10:33:32 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-03-08 10:31:23 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011-03-08 10:27:31 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2011-03-06 01:01:05 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2011-03-06 00:54:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011-03-04 00:31:15 | 000,007,651 | ---- | M] () -- C:\Users\Raff\AppData\Local\Resmon.ResmonCfg [2011-03-02 11:41:08 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2011-03-01 21:26:21 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011-03-01 21:26:17 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011-03-01 21:26:17 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011-03-01 17:22:54 | 004,240,662 | ---- | M] () -- C:\Users\Raff\Desktop\lol.xps [2011-02-26 17:57:40 | 000,332,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-02-26 13:17:27 | 000,000,231 | ---- | M] () -- C:\Users\Raff\Documents\ax_files.xml [2011-02-26 11:25:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-02-26 11:07:33 | 000,000,921 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011-02-26 10:21:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2011-02-26 09:35:18 | 000,014,354 | ---- | M] () -- C:\Windows\System32\results.xml [2011-02-26 09:25:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf [2011-02-26 01:55:54 | 000,067,517 | ---- | M] () -- C:\Windows\System32\license.rtf [2011-02-26 01:50:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011-02-22 15:52:00 | 001,730,112 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-03-08 11:04:14 | 000,002,959 | ---- | C] () -- C:\Users\Raff\Desktop\HiJackThis.lnk [2011-03-06 01:01:05 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2011-03-06 00:54:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011-03-04 00:31:15 | 000,007,651 | ---- | C] () -- C:\Users\Raff\AppData\Local\Resmon.ResmonCfg [2011-03-02 11:41:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-03-01 20:10:46 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011-03-01 20:10:46 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011-03-01 17:45:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011-03-01 17:22:28 | 004,240,662 | ---- | C] () -- C:\Users\Raff\Desktop\lol.xps [2011-02-28 01:25:59 | 000,008,696 | -H-- | C] () -- C:\MessengerStyleSheet.xsl [2011-02-26 14:48:17 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011-02-26 13:13:43 | 000,000,231 | ---- | C] () -- C:\Users\Raff\Documents\ax_files.xml [2011-02-26 12:15:12 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000UA.job [2011-02-26 12:15:12 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000Core.job [2011-02-26 11:25:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011-02-26 10:28:17 | 000,355,159 | ---- | C] () -- C:\Windows\System32\netathr.inf [2011-02-26 10:28:17 | 000,058,484 | ---- | C] () -- C:\Windows\System32\athrext.cat [2011-02-26 10:21:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2011-02-26 09:35:18 | 000,014,354 | ---- | C] () -- C:\Windows\System32\results.xml [2011-02-26 09:32:42 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa [2011-02-26 09:32:42 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp [2011-02-26 09:32:42 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp [2011-02-26 09:32:42 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp [2011-02-26 09:32:42 | 000,039,308 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp [2011-02-26 09:32:42 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp [2011-02-26 09:25:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf [2011-02-26 02:41:53 | 000,001,421 | ---- | C] () -- C:\Users\Raff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011-02-26 01:55:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011-02-26 01:55:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011-02-26 01:51:05 | 1603,084,288 | -HS- | C] () -- C:\hiberfil.sys [2011-02-26 01:50:12 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011-02-26 01:50:10 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2009-09-09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009-07-14 09:07:57 | 000,691,176 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 09:07:57 | 000,132,638 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 05:33:53 | 000,332,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 03:05:48 | 000,610,094 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 03:05:48 | 000,104,412 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2011-02-27 23:26:45 | 000,000,000 | ---D | M] -- C:\Users\Raff\AppData\Roaming\DAEMON Tools Lite [2011-03-05 15:30:57 | 000,000,000 | ---D | M] -- C:\Users\Raff\AppData\Roaming\foobar2000 [2011-02-26 15:25:23 | 000,000,000 | ---D | M] -- C:\Users\Raff\AppData\Roaming\Gadu-Gadu [2011-03-06 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Raff\AppData\Roaming\TweakNow RegCleaner [2011-03-05 17:15:26 | 000,000,000 | ---D | M] -- C:\Users\Raff\AppData\Roaming\uTorrent [2009-07-14 05:53:46 | 000,007,508 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2011-02-26 01:50:12 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-03-08 10:27:31 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2008-06-27 17:00:04 | 000,008,696 | -H-- | M] () -- C:\MessengerStyleSheet.xsl [2011-03-05 23:24:29 | 000,000,531 | ---- | M] () -- C:\Multiloader.log [2011-03-05 23:24:29 | 000,000,531 | ---- | M] () -- C:\Multiloader[CH8].log [2011-03-08 10:27:35 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys [2011-02-26 10:19:43 | 000,002,005 | ---- | M] () -- C:\RHDSetup.log [2011-02-26 10:19:43 | 000,000,206 | ---- | M] () -- C:\setup.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe [2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report > [/log] [log]info.txt logfile of random's system information tool 1.08 2011-03-08 18:47:28 ======Uninstall list====== µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex Adobe Reader 9.4.2 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001} Atheros Client Installation Program-->"C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0415 -removeonly CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9} Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE} Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640} Connection Manager-->"C:\Program Files\InstallShield Installation Information\{077E2E73-01E0-4F37-81AD-C93C6C2F0933}\setup.exe" -runfromtemp -l0x0015 -removeonly CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe DriverMax 5-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe" Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly Easy Resolution Manager-->MsiExec.exe /I{45535A5E-1F81-4F35-BE1D-43D10A7D03B4} Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove EasyBatteryManager-->"C:\Program Files\InstallShield Installation Information\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}\setup.exe" -runfromtemp -l0x0009 -removeonly foobar2000 v0.9.6.9-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000 Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} InstallVC90Support-->MsiExec.exe /X{6B9C32DB-DBCD-45A8-B901-3A92A99A2474} Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA} Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe Microsoft Office Access MUI (Polish) 2010-->MsiExec.exe /X{90140000-0015-0415-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2010-->MsiExec.exe /X{90140000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2010-->MsiExec.exe /X{90140000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2010-->MsiExec.exe /X{90140000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2010-->MsiExec.exe /X{90140000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2010-->MsiExec.exe /X{90140000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2010-->MsiExec.exe /X{90140000-0018-0415-0000-0000000FF1CE} Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2010-->MsiExec.exe /X{90140000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2010-->MsiExec.exe /X{90140000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2010-->MsiExec.exe /X{90140000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2010-->MsiExec.exe /X{90140000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2010-->MsiExec.exe /X{90140000-001B-0415-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Namuga 1.3M Webcam-->C:\Program Files\InstallShield Installation Information\{71A51B59-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly ODIR-->"C:\Program Files\ODIR\unins000.exe" Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709 SAMSUNG HSPA Modem Software-->C:\Program Files\SAMSUNG\SAMSUNG HSPA Modem\HSPAUninstall.exe Skype Toolbars-->MsiExec.exe /I{A29549FD-65F3-440C-A552-6B8114CF319D} Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe" TweakNow RegCleaner-->"C:\Program Files\TweakNow RegCleaner\unins000.exe" WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E} Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x86-brcm.inf_x86_neutral_6f5c4fcf7ed58496\bcbtums-win7x86-brcm.inf Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax86-brcm.inf_x86_neutral_a622a4701b0a8e59\bcbtums-vistax86-brcm.inf Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid32.inf_x86_neutral_6c4f31312ffe9ed6\bcbthid32.inf WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Hosts File====== 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sls.microsoft.com ======System event log====== Computer Name: 37L4247D28-05 Event Code: 7036 Message: Usługa Distributed Link Tracking Client weszła w stan stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20090714045645.074339-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 7036 Message: Usługa Security Center weszła w stan stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20090714045645.074339-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 7036 Message: Usługa Desktop Window Manager Session Manager weszła w stan stopped. Record Number: 3 Source Name: Service Control Manager Time Written: 20090714045645.074339-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 7036 Message: Usługa Diagnostic Policy Service weszła w stan stopped. Record Number: 2 Source Name: Service Control Manager Time Written: 20090714045645.074339-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 7036 Message: Usługa Microsoft Software Shadow Copy Provider weszła w stan stopped. Record Number: 1 Source Name: Service Control Manager Time Written: 20090714045645.074339-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247D28-05 Event Code: 900 Message: Usługa ochrony oprogramowania jest uruchamiana. Record Number: 5 Source Name: Microsoft-Windows-Security-SPP Time Written: 20110226005405.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20110226005206.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20110226005203.000000-000 Event Type: Informacje User: Computer Name: 37L4247D28-05 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20110226005159.388122-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247D28-05 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20110226005159.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247D28-05 Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110226005138.468486-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D28-05 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247D28-05$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x190 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110226005138.468486-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D28-05 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x2299a Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110226005132.493675-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D28-05 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110226005130.340871-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D28-05 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110226005130.231671-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=1c02 -----------------EOF----------------- [/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Raff at 2011-03-08 18:47:12 Microsoft Windows 7 Home Premium System drive C: has 55 GB (76%) free of 73 GB Total RAM: 2038 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:47:21, on 2011-03-08 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\Dwm.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Connection Manager\ModemLauncher.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskmgr.exe C:\Windows\notepad.exe C:\Windows\notepad.exe C:\Users\Raff\Downloads\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\trend micro\Raff.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{08C1BB0C-B07A-4FE9-95E2-377F9AEF956E}: NameServer = 212.2.96.54 212.2.96.53 O17 - HKLM\System\CS1\Services\Tcpip\..\{08C1BB0C-B07A-4FE9-95E2-377F9AEF956E}: NameServer = 212.2.96.54 212.2.96.53 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- End of file - 7460 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2438560076-718423898-1087716868-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-04 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-04 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-04 150552] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 1713448] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2011-03-01 340520] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-02-24 10025576] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408] "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304] "DriverMax_RESTART"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2011-02-15 9224104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Users\Raff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 136176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-02-24 10025576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-08-11 795936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-07-13 218112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2009-10-20 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2011-03-08 18:47:12 ----D---- C:\rsit 2011-03-08 11:04:02 ----D---- C:\Program Files\Trend Micro 2011-03-06 02:06:10 ----D---- C:\Program Files\Connection Manager 2011-03-06 01:39:41 ----A---- C:\Windows\system32\drivers\hspawhnt.sys 2011-03-06 01:39:41 ----A---- C:\Windows\system32\drivers\hspawh.sys 2011-03-06 01:39:41 ----A---- C:\Windows\system32\drivers\hspabus.sys 2011-03-06 01:14:01 ----D---- C:\Program Files\Innovative Solutions 2011-03-06 01:01:02 ----D---- C:\Users\Raff\AppData\Roaming\TweakNow RegCleaner 2011-03-06 01:01:02 ----D---- C:\Program Files\TweakNow RegCleaner 2011-03-06 00:54:44 ----D---- C:\Program Files\CCleaner 2011-03-05 20:22:35 ----D---- C:\Program Files\Microsoft Silverlight 2011-03-05 20:21:18 ----A---- C:\Windows\system32\drivers\VMC326.sys 2011-03-05 20:21:16 ----A---- C:\Windows\system32\WavesLib.dll 2011-03-05 20:21:16 ----A---- C:\Windows\system32\WavesGUILib.dll 2011-03-05 20:21:15 ----A---- C:\Windows\system32\SRSWOW.dll 2011-03-05 20:21:15 ----A---- C:\Windows\system32\SRSTSXT.dll 2011-03-05 20:21:15 ----A---- C:\Windows\system32\SRSTSHD.dll 2011-03-05 20:21:15 ----A---- C:\Windows\system32\SRSHP360.dll 2011-03-05 20:21:14 ----A---- C:\Windows\system32\SFNHK.dll 2011-03-05 20:21:14 ----A---- C:\Windows\system32\SFCOM.dll 2011-03-05 20:21:14 ----A---- C:\Windows\system32\SFAPO.dll 2011-03-05 20:21:13 ----A---- C:\Windows\system32\RtkPgExt.dll 2011-03-05 20:21:13 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys 2011-03-05 20:21:12 ----A---- C:\Windows\system32\RtkCoInst.dll 2011-03-05 20:21:12 ----A---- C:\Windows\system32\RtkApoApi.dll 2011-03-05 20:21:12 ----A---- C:\Windows\system32\RtkAPO.dll 2011-03-05 20:21:09 ----A---- C:\Windows\system32\RTEEP32A.dll 2011-03-05 20:21:09 ----A---- C:\Windows\system32\RTEEL32A.dll 2011-03-05 20:21:09 ----A---- C:\Windows\system32\RTEEG32A.dll 2011-03-05 20:21:09 ----A---- C:\Windows\system32\RTEED32A.dll 2011-03-05 20:21:08 ----A---- C:\Windows\system32\RP3DHT32.dll 2011-03-05 20:21:08 ----A---- C:\Windows\system32\RP3DAA32.dll 2011-03-05 20:21:08 ----A---- C:\Windows\system32\R4EEP32A.dll 2011-03-05 20:21:08 ----A---- C:\Windows\system32\R4EEL32A.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\R4EEG32A.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\R4EED32A.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\R4EEA32A.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\MaxxAudioRealtek.dll 2011-03-05 20:21:07 ----A---- C:\Windows\system32\MaxxAudioEQ.dll 2011-03-05 20:21:06 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll 2011-03-05 20:21:06 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll 2011-03-05 20:21:06 ----A---- C:\Windows\system32\MaxxAudioAPO.dll 2011-03-05 20:21:06 ----A---- C:\Windows\system32\FMAPO.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll 2011-03-05 20:21:05 ----A---- C:\Windows\system32\DTSLimiterDLL.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSLFXAPO.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSGFXAPONS.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSGFXAPO.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSBoostDLL.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\AERTARen.dll 2011-03-05 20:21:04 ----A---- C:\Windows\system32\AERTACap.dll 2011-03-05 15:30:34 ----D---- C:\Users\Raff\AppData\Roaming\foobar2000 2011-03-04 23:02:52 ----A---- C:\Windows\system32\drivers\hspaserd.sys 2011-03-04 23:02:51 ----A---- C:\Windows\system32\drivers\hspamdm.sys 2011-03-04 23:02:51 ----A---- C:\Windows\system32\drivers\hspamdfl.sys 2011-03-04 23:02:51 ----A---- C:\Windows\system32\drivers\hspacmnt.sys 2011-03-04 23:02:51 ----A---- C:\Windows\system32\drivers\hspacm.sys 2011-03-04 21:32:11 ----D---- C:\ProgramData\Innovative Solutions 2011-03-03 13:56:45 ----D---- C:\Windows\Minidump 2011-03-02 11:41:03 ----D---- C:\Users\Raff\AppData\Roaming\skypePM 2011-03-02 11:38:10 ----D---- C:\Program Files\Common Files\Skype 2011-03-02 11:38:06 ----RD---- C:\Program Files\Skype 2011-03-02 11:38:05 ----D---- C:\Users\Raff\AppData\Roaming\Skype 2011-03-02 11:37:55 ----D---- C:\ProgramData\Skype 2011-03-02 01:46:40 ----D---- C:\Users\Raff\AppData\Roaming\Malwarebytes 2011-03-02 01:46:27 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2011-03-02 01:46:25 ----D---- C:\ProgramData\Malwarebytes 2011-03-02 01:46:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-03-02 01:46:20 ----A---- C:\Windows\system32\drivers\mbam.sys 2011-03-02 01:23:05 ----D---- C:\Windows\pss 2011-03-02 00:43:57 ----D---- C:\Program Files\Gadu-Gadu 2011-03-01 21:22:45 ----D---- C:\Program Files\foobar2000 2011-03-01 21:14:45 ----D---- C:\Program Files\The KMPlayer 2011-03-01 20:09:22 ----D---- C:\ProgramData\Kaspersky Lab 2011-03-01 20:09:22 ----D---- C:\Program Files\Kaspersky Lab 2011-03-01 20:08:57 ----A---- C:\Windows\system32\drivers\klif.sys 2011-03-01 20:05:20 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2011-03-01 17:45:27 ----D---- C:\ProgramData\Adobe 2011-03-01 17:45:20 ----D---- C:\Program Files\Common Files\Adobe 2011-03-01 17:45:20 ----D---- C:\Program Files\Adobe 2011-02-27 11:53:45 ----D---- C:\ProgramData\ODIR 2011-02-27 11:51:06 ----A---- C:\Windows\system32\VB6STKIT.DLL 2011-02-27 11:51:05 ----D---- C:\Program Files\ODIR 2011-02-26 17:52:15 ----D---- C:\ProgramData\Novatel Wireless 2011-02-26 16:15:37 ----D---- C:\Program Files\uTorrent 2011-02-26 16:14:29 ----D---- C:\Users\Raff\AppData\Roaming\uTorrent 2011-02-26 15:25:23 ----D---- C:\Users\Raff\AppData\Roaming\Gadu-Gadu 2011-02-26 14:53:42 ----D---- C:\Program Files\GPLGS 2011-02-26 14:48:17 ----A---- C:\Windows\system32\cpwmon2k.dll 2011-02-26 14:48:16 ----D---- C:\Program Files\Acro Software 2011-02-26 14:36:19 ----D---- C:\Program Files\Common Files\DESIGNER 2011-02-26 14:36:02 ----D---- C:\Windows\PCHEALTH 2011-02-26 14:36:02 ----D---- C:\Program Files\Microsoft.NET 2011-02-26 14:32:53 ----D---- C:\Program Files\Microsoft Analysis Services 2011-02-26 14:32:13 ----D---- C:\ProgramData\Microsoft Help 2011-02-26 14:32:13 ----D---- C:\Program Files\Microsoft Office 2011-02-26 14:31:55 ----RHD---- C:\MSOCache 2011-02-26 13:35:24 ----D---- C:\Program Files\DAEMON Tools Lite 2011-02-26 13:34:00 ----D---- C:\Users\Raff\AppData\Roaming\DAEMON Tools Lite 2011-02-26 13:34:00 ----D---- C:\ProgramData\DAEMON Tools Lite 2011-02-26 13:02:53 ----A---- C:\Windows\system32\drivers\sptd.sys 2011-02-26 11:56:20 ----D---- C:\Users\Raff\AppData\Roaming\Macromedia 2011-02-26 11:56:20 ----D---- C:\Users\Raff\AppData\Roaming\Adobe 2011-02-26 11:56:16 ----D---- C:\Windows\system32\Macromed 2011-02-26 11:27:41 ----N---- C:\Windows\system32\MpSigStub.exe 2011-02-26 10:32:51 ----D---- C:\Windows\system32\Samsung_USB_Drivers 2011-02-26 10:28:17 ----D---- C:\Windows\system32\nn-NO 2011-02-26 10:28:17 ----D---- C:\Windows\Options 2011-02-26 10:28:17 ----A---- C:\Windows\system32\drivers\athr.sys 2011-02-26 10:28:17 ----A---- C:\Windows\system32\athr.sys 2011-02-26 10:28:16 ----N---- C:\Windows\system32\athihvui.dll 2011-02-26 10:28:16 ----N---- C:\Windows\system32\athihvs.dll 2011-02-26 10:28:06 ----D---- C:\Program Files\Atheros 2011-02-26 10:28:05 ----D---- C:\Program Files\Cisco 2011-02-26 10:26:54 ----D---- C:\ProgramData\Atheros 2011-02-26 10:20:55 ----D---- C:\Program Files\Synaptics 2011-02-26 10:19:34 ----D---- C:\Windows\system32\RTCOM 2011-02-26 10:19:23 ----HD---- C:\Program Files\Temp 2011-02-26 10:19:23 ----D---- C:\Program Files\Realtek 2011-02-26 10:19:23 ----A---- C:\Windows\system32\EDSPropPageExt.dll 2011-02-26 10:19:23 ----A---- C:\Windows\system32\EDSAPODll.dll 2011-02-26 10:19:23 ----A---- C:\Windows\RtlExUpd.dll 2011-02-26 09:56:41 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll 2011-02-26 09:56:41 ----A---- C:\Windows\system32\SynTPCo4.dll 2011-02-26 09:56:41 ----A---- C:\Windows\system32\SynTPAPI.dll 2011-02-26 09:56:41 ----A---- C:\Windows\system32\drivers\SynTP.sys 2011-02-26 09:56:40 ----A---- C:\Windows\system32\SynCtrl.dll 2011-02-26 09:56:40 ----A---- C:\Windows\system32\SynCOM.dll 2011-02-26 09:54:12 ----D---- C:\Windows\CheckSur 2011-02-26 09:53:33 ----A---- C:\Windows\explorer.exe 2011-02-26 09:52:57 ----A---- C:\Windows\system32\drivers\udfs.sys 2011-02-26 09:52:02 ----A---- C:\Windows\system32\CertEnroll.dll 2011-02-26 09:52:02 ----A---- C:\Windows\system32\atmfd.dll 2011-02-26 09:52:01 ----A---- C:\Windows\system32\t2embed.dll 2011-02-26 09:52:01 ----A---- C:\Windows\system32\fontsub.dll 2011-02-26 09:51:59 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2011-02-26 09:51:55 ----A---- C:\Windows\system32\wmp.dll 2011-02-26 09:51:53 ----A---- C:\Windows\system32\wmploc.DLL 2011-02-26 09:49:57 ----A---- C:\Windows\SetLCDStretchMode.exe 2011-02-26 09:49:46 ----A---- C:\Windows\system32\winresume.exe 2011-02-26 09:49:46 ----A---- C:\Windows\system32\winload.exe 2011-02-26 09:41:54 ----D---- C:\Program Files\Marvell 2011-02-26 09:33:14 ----D---- C:\Windows\system32\Lang 2011-02-26 09:33:13 ----A---- C:\Windows\system32\igxpun.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\TVWSetup.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\igfxtray.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\igfxsrvc.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\igfxpers.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\igfxext.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\igfxcfg.exe 2011-02-26 09:32:44 ----A---- C:\Windows\system32\hkcmd.exe 2011-02-26 09:32:42 ----A---- C:\Windows\system32\oemdspif.dll 2011-02-26 09:32:42 ----A---- C:\Windows\system32\igfxTMM.dll 2011-02-26 09:32:42 ----A---- C:\Windows\system32\igfxsrvc.dll 2011-02-26 09:32:42 ----A---- C:\Windows\system32\igfxCoIn_v2176.dll 2011-02-26 09:32:41 ----A---- C:\Windows\system32\igfxress.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\igfxpph.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\igfxexps.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\igfxdo.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\igfxdev.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\ig4icd32.dll 2011-02-26 09:32:40 ----A---- C:\Windows\system32\drivers\igdkmd32.sys 2011-02-26 09:32:39 ----A---- C:\Windows\system32\ig4dev32.dll 2011-02-26 09:32:39 ----A---- C:\Windows\system32\hccutils.dll 2011-02-26 09:32:38 ----D---- C:\Windows\CU 2011-02-26 09:28:56 ----D---- C:\Program Files\Common Files\InstallShield 2011-02-26 09:25:55 ----D---- C:\ProgramData\SAMSUNG 2011-02-26 09:25:23 ----A---- C:\Windows\system32\drivers\SABI.sys 2011-02-26 09:22:12 ----D---- C:\Program Files\Samsung 2011-02-26 09:17:44 ----D---- C:\Program Files\Intel 2011-02-26 09:17:44 ----A---- C:\Windows\system32\CSVer.dll 2011-02-26 09:17:29 ----D---- C:\Intel 2011-02-26 09:15:38 ----D---- C:\Windows\VMC326 2011-02-26 09:15:32 ----A---- C:\Windows\system32\VMC326.dll 2011-02-26 09:15:31 ----D---- C:\Program Files\Vimicro Corporation 2011-02-26 09:15:30 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-26 09:15:05 ----D---- C:\Users\Raff\AppData\Roaming\InstallShield 2011-02-26 09:13:55 ----A---- C:\Windows\system32\drivers\btwrchid.sys 2011-02-26 09:13:55 ----A---- C:\Windows\system32\drivers\btwl2cap.sys 2011-02-26 09:13:55 ----A---- C:\Windows\system32\drivers\btwavdt.sys 2011-02-26 09:13:54 ----A---- C:\Windows\system32\drivers\btwaudio.sys 2011-02-26 09:13:34 ----D---- C:\Program Files\WIDCOMM 2011-02-26 09:12:46 ----D---- C:\Program Files\DIFX 2011-02-26 09:12:04 ----SHD---- C:\Windows\Installer 2011-02-26 09:11:29 ----D---- C:\Users\Raff\AppData\Roaming\WinRAR 2011-02-26 09:10:07 ----D---- C:\Program Files\WinRAR 2011-02-26 02:47:07 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-02-26 02:41:41 ----D---- C:\Users\Raff\AppData\Roaming\Identities 2011-02-26 02:41:07 ----SD---- C:\Users\Raff\AppData\Roaming\Microsoft 2011-02-26 02:41:07 ----D---- C:\Users\Raff\AppData\Roaming\Media Center Programs 2011-02-26 02:40:58 ----SHD---- C:\Recovery 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Ulubione 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Szablony 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Pulpit 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Menu Start 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Dokumenty 2011-02-26 02:40:58 ----SHD---- C:\ProgramData\Dane aplikacji 2011-02-26 01:54:10 ----D---- C:\Windows\SoftwareDistribution 2011-02-26 01:51:31 ----D---- C:\Windows\Prefetch 2011-02-26 01:51:05 ----SHD---- C:\System Volume Information 2011-02-26 01:51:05 ----ASH---- C:\pagefile.sys 2011-02-26 01:51:05 ----ASH---- C:\hiberfil.sys 2011-02-26 01:50:25 ----D---- C:\Windows\Panther 2011-02-26 01:50:12 ----RASH---- C:\BOOTSECT.BAK 2011-02-26 01:50:09 ----SHD---- C:\Boot ======List of files/folders modified in the last 1 months====== 2011-03-08 17:50:56 ----RD---- C:\Program Files 2011-03-08 17:50:53 ----D---- C:\Windows\Temp 2011-03-08 17:50:53 ----D---- C:\Windows\system32\drivers 2011-03-08 10:34:14 ----D---- C:\Windows\system32\NDF 2011-03-08 10:33:32 ----D---- C:\Windows\System32 2011-03-08 10:33:31 ----D---- C:\Windows\inf 2011-03-07 20:45:46 ----D---- C:\Windows\system32\catroot 2011-03-07 20:45:45 ----D---- C:\Windows\system32\DriverStore 2011-03-07 00:33:46 ----D---- C:\Windows\system32\wdi 2011-03-06 11:40:43 ----D---- C:\Windows\system32\config 2011-03-06 01:45:20 ----D---- C:\Windows 2011-03-06 00:59:31 ----D---- C:\Windows\debug 2011-03-05 20:23:44 ----D---- C:\Windows\system32\catroot2 2011-03-05 20:23:09 ----SD---- C:\ProgramData\Microsoft 2011-03-04 21:32:11 ----HD---- C:\ProgramData 2011-03-04 00:45:40 ----D---- C:\Windows\system32\Tasks 2011-03-02 11:38:10 ----D---- C:\Program Files\Common Files 2011-03-01 17:56:20 ----D---- C:\Windows\winsxs 2011-02-26 18:32:23 ----D---- C:\Windows\rescache 2011-02-26 18:26:23 ----D---- C:\Windows\Logs 2011-02-26 15:17:26 ----D---- C:\Windows\Microsoft.NET 2011-02-26 15:17:24 ----RSD---- C:\Windows\assembly 2011-02-26 14:37:12 ----RSD---- C:\Windows\Fonts 2011-02-26 14:36:58 ----D---- C:\Program Files\Common Files\microsoft shared 2011-02-26 14:33:25 ----A---- C:\Windows\win.ini 2011-02-26 14:33:21 ----D---- C:\Program Files\Common Files\System 2011-02-26 14:33:08 ----D---- C:\Windows\ShellNew 2011-02-26 12:15:12 ----D---- C:\Windows\Tasks 2011-02-26 11:58:16 ----D---- C:\Windows\system32\drivers\etc 2011-02-26 11:56:19 ----D---- C:\Windows\Downloaded Program Files 2011-02-26 11:40:55 ----D---- C:\Windows\system32\LogFiles 2011-02-26 11:25:06 ----D---- C:\Windows\system32\drivers\UMDF 2011-02-26 11:19:37 ----D---- C:\Windows\ModemLogs 2011-02-26 11:02:09 ----D---- C:\Windows\ehome 2011-02-26 11:02:09 ----D---- C:\Program Files\Windows Media Player 2011-02-26 11:02:08 ----D---- C:\Windows\system32\Boot 2011-02-26 11:02:08 ----D---- C:\Windows\AppPatch 2011-02-26 10:28:17 ----D---- C:\Windows\system32\zh-TW 2011-02-26 10:28:17 ----D---- C:\Windows\system32\zh-CN 2011-02-26 10:28:17 ----D---- C:\Windows\system32\tr-TR 2011-02-26 10:28:17 ----D---- C:\Windows\system32\sv-SE 2011-02-26 10:28:17 ----D---- C:\Windows\system32\ru-RU 2011-02-26 10:28:17 ----D---- C:\Windows\system32\pt-PT 2011-02-26 10:28:17 ----D---- C:\Windows\system32\pl-PL 2011-02-26 10:28:17 ----D---- C:\Windows\system32\nl-NL 2011-02-26 10:28:17 ----D---- C:\Windows\system32\ko-KR 2011-02-26 10:28:17 ----D---- C:\Windows\system32\ja-JP 2011-02-26 10:28:17 ----D---- C:\Windows\system32\it-IT 2011-02-26 10:28:17 ----D---- C:\Windows\system32\hu-HU 2011-02-26 10:28:17 ----D---- C:\Windows\system32\fr-FR 2011-02-26 10:28:17 ----D---- C:\Windows\system32\fi-FI 2011-02-26 10:28:17 ----D---- C:\Windows\system32\es-ES 2011-02-26 10:28:17 ----D---- C:\Windows\system32\en-US 2011-02-26 10:28:17 ----D---- C:\Windows\system32\el-GR 2011-02-26 10:28:16 ----D---- C:\Windows\system32\de-DE 2011-02-26 10:28:16 ----D---- C:\Windows\system32\da-DK 2011-02-26 10:28:16 ----D---- C:\Windows\system32\cs-CZ 2011-02-26 09:15:38 ----D---- C:\Windows\twain_32 2011-02-26 09:13:46 ----SD---- C:\Windows\system32\Microsoft 2011-02-26 09:13:06 ----D---- C:\Windows\system32\restore 2011-02-26 02:46:57 ----D---- C:\Windows\system32\wbem 2011-02-26 02:41:37 ----SHD---- C:\$Recycle.Bin 2011-02-26 02:41:07 ----RD---- C:\Users 2011-02-26 02:40:58 ----D---- C:\Program Files\Windows NT 2011-02-26 02:06:31 ----D---- C:\Windows\system32\CodeIntegrity 2011-02-26 01:55:01 ----D---- C:\Windows\system32\sysprep ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 klbg;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\drivers\klbg.sys [2009-10-14 36880] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-26 431672] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-03-01 311312] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-09-14 21520] R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys [2009-05-28 10752] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-11-23 1249792] R3 hspabus;SAMSUNG HSPA USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\hspabus.sys [2009-11-24 104576] R3 hspamdfl;SAMSUNG HSPA Modem Filter; C:\Windows\system32\DRIVERS\hspamdfl.sys [2009-11-24 14848] R3 hspamdm;SAMSUNG HSPA Modem Drivers; C:\Windows\system32\DRIVERS\hspamdm.sys [2009-11-24 124032] R3 hspaserd;SAMSUNG HSPA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\hspaserd.sys [2009-11-24 110208] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-07-13 4806656] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-02-24 3408808] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-26 242992] R3 VMC326;Vimicro Camera Service VMC326; C:\Windows\System32\Drivers\VMC326.sys [2009-06-20 238464] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] S3 ADDMEM;ADDMEM; \??\C:\Users\Raff\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 avlmritu;avlmritu; C:\Windows\system32\drivers\avlmritu.sys [] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816] S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704] S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880] S3 btwaudio;Urz1dzenie Dźwięk Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-07-01 108072] S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344] S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys [] S3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-11 582944] R2 yksvc;Marvell Yukon Service; C:\Windows\System32\svchost.exe [2009-07-14 20992] S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2011-03-01 340520] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] -----------------EOF----------------- [/log]
  4. Witam, serdecznie proszę o sprawdzenie loga Komputer niedługo po reinstalacji, ostatnio obciążenie procesora to prawie 100% bardzo długi czas. nie wiem czy coś się dostało, czy mam za dużo niepotrzebnych wpisów.. trochę dziwne bo śledzę co się dzieje, ale na to nie ma zasady.. jeśli ktoś pomoże wkleję loga Będę wdzięczny za pomoc Rafał
  5. Sprawdzanie loga

    Witam, serdecznie proszę o sprawdzenie loga Komputer niedługo po reinstalacji, ostatnio obciążenie procesora to prawie 100% nie wiem czy coś się dostało, czy mam za dużo niepotrzebnych wpisów.. trochę dziwne bo śledzę co się dzieje, ale to niema zasady.. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:05:00, on 2011-03-08 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Windows\system32\taskeng.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Connectify\Connectify.exe C:\Program Files\Connection Manager\ModemLauncher.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Raff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{08C1BB0C-B07A-4FE9-95E2-377F9AEF956E}: NameServer = 212.2.96.54 212.2.96.53 O17 - HKLM\System\CS1\Services\Tcpip\..\{08C1BB0C-B07A-4FE9-95E2-377F9AEF956E}: NameServer = 212.2.96.54 212.2.96.53 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe -- End of file - 7818 bytes Dzięki!!