klimek1313, posted 29 July 2010

Hi, my laptop has fallen apart. When I work on the guest account, faude.exe starts up and cannot be removed: it is not in the program manager, and it does not show up in the startup list after launching msconfig. On top of that, explorer.exe keeps restarting every so often "to protect data". On the administrator account, zkqon.exe is eating up the CPU... Ugh, please help, I'm away on a work trip and the laptop is my only contact with home. Thanks.

Here is the ComboFix log:

[log]
ComboFix 09-07-01.01 - H&K 2010-07-28 18:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2550.2096 [GMT 2:00]
Uruchomiony z: c:\2-instalki\DiagnozaSystemu\ComboFix.exe
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\H&K\USTAWI~1\Temp\Del2.tmp
c:\windows\010112010146118114.dat
.
((((((((((((((((((((((((( Pliki utworzone od 2010-06-28 do 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 10:01 . 2010-07-28 10:02 -------- d-----w- C:\_SMA
2010-07-28 08:09 . 2010-07-28 08:09 -------- d-----w- c:\documents and settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
2010-07-28 08:05 . 2010-07-28 08:04 194560 ----a-w- c:\windows\Gvumua.exe
2010-07-28 08:02 . 2010-07-28 08:02 108 ----a-w- c:\documents and settings\H&K\a.bat
2010-07-28 08:02 . 2010-07-28 08:02 131072 --sh--r- c:\documents and settings\H&K\zkqon.exe
2010-07-28 08:02 . 2010-07-28 06:51 73728 ----a-w- c:\documents and settings\H&K\u.exe
2010-07-28 08:02 . 2010-07-28 06:47 117760 ----a-w- c:\documents and settings\H&K\s.exe
2010-07-28 08:02 . 2010-07-28 06:28 73728 ----a-w- c:\documents and settings\H&K\r.exe
2010-07-28 08:02 . 2010-07-28 06:09 131072 ----a-w- c:\documents and settings\H&K\a.exe
2010-07-18 09:35 . 2010-07-18 09:35 -------- d-----w- c:\program files\Xing
2010-07-18 09:35 . 1998-12-16 10:08 317952 ----a-w- c:\windows\system32\Roboex32.dll
.
2009-07-06 07:53 942080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8b1110e7e4135c16c80b28c20c936c21\Microsoft.VisualStudio.Shell.9.0.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 569344 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6166e3fc3f2c2c05e46db41cd3276cd6\Microsoft.VisualStudio.Shell.Design.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4f9a6decb1ddfe8fce793dca691f9728\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 315392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\46dc1ade48ce95e87fdd6f7697fa4af1\Microsoft.VisualStudio.OLE.Interop.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3712627e5b7d9400e3734fc816cb9b60\Microsoft.VisualStudio.Configuration.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\217108b36750d84f0d1608ef0a7a5e09\Microsoft.VisualStudio.WizardFramework.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 901120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\09fff63fc30e6f0777d755700193c229\Microsoft.VisualStudio.Shell.ni.dll + 2009-07-06 07:52 . 2009-07-06 07:52 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\da5206e4c016dbdb944957d0046d7869\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d097b5a3c886d0c3b053f46b7a310501\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-07-06 07:53 . 
2009-07-06 07:53 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\f6a0413820cfe5b04051b079dc13acd3\EnvDTE80.ni.dll + 2009-07-06 07:51 . 2009-07-06 07:51 589824 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\8650892be322380fef81e7671b3863c7\EnvDTE.ni.dll + 2009-07-06 07:52 . 2009-07-06 07:52 503808 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe + 2009-07-06 07:28 . 2009-07-06 07:28 372736 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2009-07-06 07:28 . 2009-07-06 07:28 163840 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2009-07-06 07:29 . 2009-07-06 07:29 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2009-07-06 07:29 . 2009-07-06 07:29 517152 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll + 2009-07-06 07:28 . 2009-07-06 07:28 578592 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll + 2009-07-06 07:29 . 2009-07-06 07:29 327680 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll + 2009-07-06 07:28 . 2009-07-06 07:28 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll + 2009-07-06 07:29 . 2009-07-06 07:29 496672 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll + 2009-07-06 07:28 . 2009-07-06 07:28 159744 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll + 2009-07-06 07:28 . 2009-07-06 07:28 929792 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2009-07-06 07:29 . 
2009-07-06 07:29 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll + 2009-07-06 07:29 . 2009-07-06 07:29 139264 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2009-07-06 07:28 . 2009-07-06 07:28 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2009-07-06 07:28 . 2009-07-06 07:28 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2009-07-06 07:28 . 2009-07-06 07:28 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2009-07-06 07:29 . 2009-07-06 07:29 282624 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2009-07-06 07:29 . 2009-07-06 07:29 667648 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll + 2009-07-06 07:29 . 2009-07-06 07:29 663552 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll + 2009-07-06 07:29 . 2009-07-06 07:29 159744 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll + 2009-07-06 07:28 . 2009-07-06 07:28 102400 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll + 2009-07-06 07:28 . 2009-07-06 07:28 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2009-07-06 07:28 . 2009-07-06 07:28 897024 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2009-07-06 07:28 . 2009-07-06 07:28 151552 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2009-07-06 07:28 . 
2009-07-06 07:28 376832 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2009-07-06 07:28 . 2009-07-06 07:28 131072 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2009-07-06 07:28 . 2009-07-06 07:28 184320 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2009-07-06 07:28 . 2009-07-06 07:28 602112 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll + 2009-07-06 07:32 . 2009-07-06 07:32 139264 c:\windows\assembly\GAC_MSIL\msddsp\9.0.0.0__b03f5f7f11d50a3a\msddsp.dll + 2009-07-06 07:32 . 2009-07-06 07:32 274432 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll + 2009-07-06 07:32 . 2009-07-06 07:32 552960 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll + 2009-07-06 07:32 . 2009-07-06 07:32 368640 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll + 2009-07-06 07:32 . 2009-07-06 07:32 184320 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll + 2009-07-06 07:32 . 2009-07-06 07:32 356352 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.9.0\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.9.0.dll + 2009-07-06 07:32 . 2009-07-06 07:32 344064 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll + 2009-07-06 07:32 . 2009-07-06 07:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService.9.0\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.9.0.dll + 2009-07-06 07:32 . 
2009-07-06 07:32 557056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll + 2009-07-06 07:34 . 2009-07-06 07:34 200704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Services\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Services.dll + 2009-07-06 07:34 . 2009-07-06 07:34 172032 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Framework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Framework.dll + 2009-07-06 07:32 . 2009-07-06 07:32 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll + 2009-07-06 07:32 . 2009-07-06 07:32 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll + 2009-07-06 07:28 . 2009-07-06 07:28 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll + 2009-07-06 07:29 . 2009-07-06 07:29 794624 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll + 2009-07-06 07:29 . 2009-07-06 07:29 737280 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2009-07-06 07:29 . 2009-07-06 07:29 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll + 2009-07-06 07:31 . 2009-07-06 07:31 102400 c:\windows\assembly\GAC_MSIL\CppCodeProvider\8.0.0.0__b03f5f7f11d50a3a\CppCodeProvider.dll + 2009-07-06 07:28 . 2009-07-06 07:28 346624 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll + 2009-07-06 07:28 . 2009-07-06 07:28 151552 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2009-07-06 07:32 . 
2009-07-06 07:32 143360 c:\windows\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCProjectEngine.dll + 2009-07-06 07:32 . 2009-07-06 07:32 106496 c:\windows\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCCodeModel.dll + 2009-07-06 07:32 . 2009-07-06 07:32 114688 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll + 2009-07-06 07:32 . 2009-07-06 07:32 249856 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll + 2009-07-06 07:32 . 2009-07-06 07:32 172032 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll + 2009-07-06 07:32 . 2009-07-06 07:32 118784 c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll + 2009-07-06 07:32 . 2009-07-06 07:32 126976 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.InteropA.dll + 2009-07-06 07:32 . 2009-07-06 07:32 176128 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll + 2009-07-06 07:32 . 2009-07-06 07:32 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll + 2009-07-06 07:31 . 2009-07-06 07:31 245760 c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll + 2007-06-16 09:04 . 2008-04-14 17:20 198144 c:\windows\acoqurejadan.dll + 2009-10-09 13:57 . 2004-11-18 08:45 371936 c:\windows\$NtUninstallKB894476$\spuninst\updspapi.dll + 2009-10-09 13:57 . 2004-11-18 08:44 209632 c:\windows\$NtUninstallKB894476$\spuninst\spuninst.exe + 2009-10-09 13:57 . 
2005-01-28 11:44 164864 c:\windows\$NtUninstallKB894476$\cewmdm.dll + 2007-11-06 23:19 . 2007-11-06 23:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll + 2007-11-06 23:19 . 2007-11-06 23:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll + 2007-11-06 23:19 . 2007-11-06 23:19 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_597c3456\msvcr90d.dll + 2005-09-22 23:16 . 2005-09-22 23:16 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll + 2005-09-22 23:16 . 2005-09-22 23:16 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll + 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\XpsSvcs.dll + 2009-07-06 07:27 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll + 2009-07-06 07:27 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll + 2009-07-06 07:27 . 2007-03-22 18:59 2932224 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll + 2009-07-06 07:27 . 2007-03-22 18:59 2932224 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll + 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll + 2007-10-09 11:03 . 2007-10-09 11:03 1986072 c:\windows\system32\milcore.dll + 2009-05-01 18:30 . 2009-05-01 18:30 3366912 c:\windows\system32\GPhotos.scr + 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\dllcache\XpsSvcs.dll + 2007-11-07 17:02 . 2007-11-07 17:02 1710584 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe + 2007-11-07 14:26 . 2007-11-07 14:26 1045504 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.dll + 2007-11-07 14:26 . 2007-11-07 14:26 1361920 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\SITSetup.dll + 2007-11-07 14:26 . 
2007-11-07 14:26 1059328 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll + 2007-11-07 17:02 . 2007-11-07 17:02 1545720 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe + 2007-08-05 20:30 . 2007-08-05 20:30 2628608 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll + 2007-08-05 20:30 . 2007-08-05 20:30 4874240 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll + 2007-10-11 07:55 . 2007-10-11 07:55 5971968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll + 2009-07-06 07:37 . 2009-07-06 07:37 3395584 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll + 2009-07-06 08:02 . 2009-07-06 08:02 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll + 2009-07-06 08:02 . 2009-07-06 08:02 1531904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\4b5a5ae7e0127bc7198e25e642a93657\System.WorkflowServices.ni.dll + 2009-07-06 08:02 . 2009-07-06 08:02 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378\System.Workflow.Runtime.ni.dll + 2009-07-06 08:02 . 2009-07-06 08:02 4579328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0\System.Workflow.ComponentModel.ni.dll + 2009-07-06 08:02 . 2009-07-06 08:02 3084288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e53994294a9806e82eec3da5a92df440\System.Web.Extensions.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 2039808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll + 2009-07-06 08:01 . 
2009-07-06 08:01 1556480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b500bb89ae2cc514f4b1c34e5fa26d75\System.ServiceModel.Web.ni.dll + 2009-07-06 07:52 . 2009-07-06 07:52 2445312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23\System.Runtime.Serialization.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 1134592 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 1064960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll + 2009-07-06 07:52 . 2009-07-06 07:52 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3\System.IdentityModel.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll + 2009-07-06 07:38 . 2009-07-06 07:38 2588672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b764aeb88006085c9cc4202662de94f6\System.Data.Linq.ni.dll + 2009-07-06 07:38 . 2009-07-06 07:38 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\11a9cf08e5bb06e0770b2b6bbe06df39\System.Core.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 1581056 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll + 2009-07-06 07:53 . 
2009-07-06 07:53 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1e813f823db2682c27f52c57dd36ee10\Microsoft.VisualStudio.CommonIDE.ni.dll + 2009-07-06 07:52 . 2009-07-06 07:52 1232896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll + 2009-07-06 08:01 . 2009-07-06 08:01 2441216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19fcf0383bc2340da2d15e1370ef0990\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-07-06 07:53 . 2009-07-06 07:53 1892352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\1cfe3ed0c5b5f63d49185967fa4bfe17\Microsoft.Build.Engine.ni.dll + 2009-07-06 07:28 . 2009-07-06 07:28 1204224 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2009-07-06 07:28 . 2009-07-06 07:28 1635376 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll + 2009-07-06 07:28 . 2009-07-06 07:28 1152040 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll + 2009-07-06 07:29 . 2009-07-06 07:29 1253376 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2009-07-06 07:28 . 2009-07-06 07:28 5971968 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2009-07-06 07:28 . 2009-07-06 07:28 5210112 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2009-07-06 07:32 . 2009-07-06 07:32 4386816 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll + 2009-07-06 07:32 . 
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-16 25268264]
"Ddiju"="c:\windows\wmacet.dll" [2008-04-14 73728]
"zkqon"="c:\documents and settings\H&K\zkqon.exe" [2010-07-28 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"Fdonife"="c:\windows\acoqurejadan.dll" [2008-04-14 198144]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-11 16267776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-10-16 12:30 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk]
path=c:\documents and settings\H&K\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.0.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
path=c:\documents and settings\H&K\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Gościu\\Ustawienia lokalne\\Dane aplikacji\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-08-21 28544]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 BridDfu;Access Point (AR) Device Driver;c:\windows\system32\Drivers\BridDfu.sys --> c:\windows\system32\Drivers\BridDfu.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ZioVeG.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}]
\Shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-07-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-07-28 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
2010-07-28 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job - c:\windows\Gvumua.exe [2010-07-28 08:04]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-5DR8ZAD8GX - c:\docume~1\H&K\USTAWI~1\Temp\Gc0.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mks.com.pl\www
FF - ProfilePath - c:\documents and settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: XULRunner: {F04FB01E-B108-4183-BEFC-024138D741B1} - c:\documents and settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 18:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\tphklock.dll
.
Czas ukończenia: 2010-07-28 18:45 ComboFix-quarantined-files.txt 2010-07-28 16:45 ComboFix2.txt 2009-07-02 06:16 ComboFix3.txt 2008-08-02 15:41 Przed: 13 146 841 088 bajtów wolnych Po: 13 557 374 976 bajtów wolnych 579 --- E O F --- 2009-06-10 22:51 [/log]
Sohei commented 29 July 2010

Post the logs from these programs:

[url=http://oldtimer.geekstogo.com/OTL.exe][b][color=blue]OTL[/color][/b][/url] Set [b]Processes[/b] and [b]Modules[/b] to [b]All[/b], and in [b]Custom Scans/Fixes[/b] paste: [quote]netsvcs msconfig safebootminimal safebootnetwork %systemdrive%\*.*[/quote]

[url=http://images.malwareremoval.com/random/RSIT.exe][b][color=blue]RSIT[/color][/b][/url]

[url=http://www.gmer.net/][b][color=blue]Gmer[/color][/b][/url]
klimek1313 (author) commented 29 July 2010 (edited)

OK, and how do I make the logs open in that narrow bar? Here on the forum?
klimek1313 (author) commented 29 July 2010 (edited)

OTL: [log] OTL logfile created on: 2010-07-29 18:36:23 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\H&K\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70,18 Gb Total Space | 12,64 Gb Free Space | 18,01% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KLIMKI2 Current User Name: H&K Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe PRC - [2010-07-28 10:04:29 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Gvumua.exe PRC - [2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe PRC - [2010-03-10 06:23:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe PRC - [2009-04-25 07:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-11-10 06:43:42 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [mi] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 
19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008-04-14 19:21:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-03-16 20:25:16 | 025,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2007-03-15 22:42:34 | 001,914,824 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RTHDCPL.exe PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2006-08-21 23:54:08 | 000,033,128 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006-07-10 20:33:00 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2006-05-08 03:34:06 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe PRC - [2006-04-20 00:29:44 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-07-27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 
000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,198,144 | ---- | M] () -- C:\WINDOWS\acoqurejadan.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 
000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (wuauserv) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) 
[Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) 
[On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR) DRV - [2010-07-25 01:08:51 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 11:15:14 | 000,008,320 | 
---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2) DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler) DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program 
Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M] [2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions [2010-07-29 10:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions [2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-07-29 10:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Fdonife] C:\WINDOWS\acoqurejadan.DLL () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL () O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL (MaresWEB) O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe () O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\winesm32.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe () O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk - C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe - File not found MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - File not found MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk - C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe - () MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe File not found MsConfig - StartUpReg: [b]ACTray[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe () MsConfig - StartUpReg: [b]ACWLIcon[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe () MsConfig - StartUpReg: [b]AGRSMMSG[/b] - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems) MsConfig - StartUpReg: [b]AMSG[/b] - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO) MsConfig - StartUpReg: [b]AzMixerSel[/b] - hkey= - key= - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) 
MsConfig - StartUpReg: [b]cssauth[/b] - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]H/PC Connection Agent[/b] - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]LPManager[/b] - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) MsConfig - StartUpReg: [b]lxccmon.exe[/b] - hkey= - key= - C:\Program Files\Lexmark 3300 Series\lxccmon.exe () MsConfig - StartUpReg: [b]mSejf - monitor[/b] - hkey= - key= - C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe File not found MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]OmniPass[/b] - hkey= - key= - C:\Program Files\Softex\OmniPass\ScureApp.exe () MsConfig - StartUpReg: [b]Picasa Media Detector[/b] - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) MsConfig - StartUpReg: [b]SkyTel[/b] - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
MsConfig - StartUpReg: [b]tugeb[/b] - hkey= - key= - C:\Documents and Settings\H&K\tugeb.exe File not found MsConfig - StartUpReg: [b]TVT Scheduler Proxy[/b] - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]zkqon[/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - 
Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit [2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL [2010-07-29 11:33:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe [2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA [2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia [2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:05:21 | 000,194,560 | ---- | C] (Electronic Arts, Inc.) -- C:\WINDOWS\Gvumua.exe [2010-07-28 10:02:18 | 000,117,760 | ---- | C] (Electronic Arts) -- C:\Documents and Settings\H&K\s.exe [2010-07-28 10:02:18 | 000,073,728 | ---- | C] (MaresWEB) -- C:\Documents and Settings\H&K\u.exe [2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) 
-- C:\WINDOWS\System32\Roboex32.dll [2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing [2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll [2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-29 18:36:33 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2010-07-29 18:05:14 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-07-29 16:50:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yludodaqoxoqira.dat [2010-07-29 11:46:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe [2010-07-29 11:40:37 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\RSIT.exe [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe [2010-07-29 10:57:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qjufipujililu.bin [2010-07-29 01:22:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-07-29 01:22:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-07-29 01:08:34 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe [2010-07-29 01:08:32 | 000,056,680 | ---- | M] (Absolute Software Corp.) 
-- C:\WINDOWS\System32\rpcnet.dll [2010-07-29 01:08:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-29 01:08:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-29 01:08:22 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2010-07-28 18:54:25 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT [2010-07-28 18:54:25 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini [2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-28 18:42:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-28 12:15:58 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-07-28 12:15:58 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-07-28 12:15:58 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-07-28 12:15:58 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-07-28 12:15:58 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-07-28 12:02:33 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini [2010-07-28 12:02:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-07-28 10:04:29 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) 
-- C:\WINDOWS\Gvumua.exe [2010-07-28 10:02:57 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\H&K\a.bat [2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 08:51:06 | 000,073,728 | ---- | M] (MaresWEB) -- C:\Documents and Settings\H&K\u.exe [2010-07-28 08:47:19 | 000,117,760 | ---- | M] (Electronic Arts) -- C:\Documents and Settings\H&K\s.exe [2010-07-28 08:28:12 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\H&K\r.exe [2010-07-28 08:09:24 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\H&K\a.exe [2010-07-28 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-07-25 12:42:32 | 007,972,034 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip.part [2010-07-25 12:42:32 | 007,524,914 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip.part [2010-07-25 12:15:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip [2010-07-25 12:15:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip [2010-07-25 09:38:45 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-07-25 01:08:51 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS [2010-07-23 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name 
==========[/color] [2010-07-29 18:04:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-07-29 11:42:18 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe [2010-07-29 11:38:44 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\RSIT.exe [2010-07-29 10:57:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yludodaqoxoqira.dat [2010-07-29 10:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qjufipujililu.bin [2010-07-28 10:02:57 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\H&K\a.bat [2010-07-28 10:02:52 | 000,131,072 | RHS- | C] () -- C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 10:02:18 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\H&K\a.exe [2010-07-28 10:02:18 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\H&K\r.exe [2010-07-25 12:15:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip [2010-07-25 12:15:26 | 007,972,034 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip.part [2010-07-25 12:15:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip [2010-07-25 12:15:12 | 007,524,914 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip.part [2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- 
C:\WINDOWS\System32\xvidcore.dll [2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll [2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll [2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll [2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll [2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll [2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-06-16 11:04:31 | 000,198,144 | ---- | C] () -- C:\WINDOWS\acoqurejadan.dll [2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007-06-16 03:35:36 | 000,192,512 | 
---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo [2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo [2007-06-16 
03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage [2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo [2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia [2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player [2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2 [2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite [2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage [2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity [2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo [2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia [2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2 [2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\H&K\Dane aplikacji\PC Suite [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage [2010-07-29 18:36:33 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2010-07-29 18:05:14 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log [2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-07-28 12:02:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log [2010-07-29 01:08:22 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log [2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000 [2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv [2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000 [2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv [2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log [2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS 
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-10-14 23:40:51 | 000,251,152 | RHS- | M] () -- C:\NTLDR [2010-07-29 01:08:21 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log [2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log [2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk [2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) 
MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- 
C:\WINDOWS\system32\eventlog.dll
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
[2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=EF0B20F1A502FE4C0CA03143DF35C910 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< End of report >
[/log]

RSIT log:

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by H&K at 2010-07-29 11:48:45
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 13 GB (18%) free of 72 GB
Total RAM: 2550 MB (71% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-07-14 719616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe [2006-05-08 
94208] "TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2006-04-20 24576] "PMHandler"=C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2006-08-21 33128] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-11 16267776] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-12 1282048] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784] "snp2std"=C:\WINDOWS\vsnp2std.exe [2006-07-10 675840] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-10 202256] "Fdonife"=C:\WINDOWS\acoqurejadan.dll [2008-04-14 198144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-03-16 25268264] "Ddiju"=C:\WINDOWS\wmacet.dll [2008-04-14 73728] "zkqon"=C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 131072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5DR8ZAD8GX] C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-10-05 409600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-10-05 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe [2006-08-30 89542] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2005-11-22 507904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2006-07-03 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mSejf - monitor] C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe [2006-10-16 2502656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-19 774233] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tugeb] C:\Documents and Settings\H&K\tugeb.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler 
Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-07-14 503808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zkqon] C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 131072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-06-30 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk] C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2006-01-17 618557] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk] C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk] C:\PROGRA~1\OPENOF~1.PL3\program\QUICKS~1.EXE [2008-10-18 17408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina] C:\Program Files\Softex\OmniPass\opxpgina.dll [2006-10-16 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] C:\WINDOWS\system32\tphklock.dll [2006-01-11 13824] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe"="C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe:*:Enabled:HTTP-Tunnel Client" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Documents and Settings\Gościu\Ustawienia lokalne\Dane aplikacji\Skype\Phone\Skype.exe"="C:\Documents and Settings\Gościu\Ustawienia lokalne\Dane aplikacji\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free." "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. 
Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" ======List of files/folders created in the last 1 months====== 2010-07-29 11:48:45 ----D---- C:\rsit 2010-07-29 11:47:30 ----D---- C:\_OTL 2010-07-28 18:45:19 ----A---- C:\ComboFix.txt 2010-07-28 12:01:06 ----D---- C:\_SMA 2010-07-28 10:05:21 ----A---- C:\WINDOWS\Gvumua.exe 2010-07-18 11:35:57 ----D---- C:\Program Files\Xing 2010-07-18 11:35:57 ----A---- C:\WINDOWS\system32\Roboex32.dll ======List of files/folders modified in the last 1 months====== 2010-07-29 11:51:57 ----D---- C:\Program Files\Trend Micro 2010-07-29 11:45:09 ----SD---- C:\WINDOWS\Tasks 2010-07-29 11:29:45 ----A---- C:\WINDOWS\ModemLog_Modem Bluetooth.txt 2010-07-29 11:29:36 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt 2010-07-29 11:28:21 ----D---- C:\Documents and Settings\H&K\Dane aplikacji\Skype 2010-07-29 10:57:34 ----D---- C:\WINDOWS 2010-07-29 10:41:16 ----D---- C:\Program Files\Mozilla Firefox 2010-07-29 10:27:55 ----D---- C:\SWSHARE 2010-07-29 01:08:34 ----A---- C:\WINDOWS\system32\rpcnetp.exe 2010-07-29 01:08:32 ----D---- C:\WINDOWS\Temp 2010-07-29 01:08:32 ----A---- C:\WINDOWS\system32\rpcnet.dll 2010-07-28 18:54:26 ----A---- 
C:\WINDOWS\SchedLgU.Txt 2010-07-28 18:45:25 ----AD---- C:\WINDOWS\system32 2010-07-28 18:45:24 ----D---- C:\WINDOWS\system32\drivers 2010-07-28 18:43:10 ----D---- C:\QooBox 2010-07-28 18:42:58 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-28 18:42:37 ----A---- C:\WINDOWS\system.ini 2010-07-28 18:37:31 ----D---- C:\WINDOWS\Prefetch 2010-07-28 12:15:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-28 12:02:33 ----RASH---- C:\boot.ini 2010-07-28 12:02:33 ----A---- C:\WINDOWS\win.ini 2010-07-25 09:38:45 ----A---- C:\WINDOWS\winamp.ini 2010-07-25 09:37:36 ----AD---- C:\5-Muzyka 2010-07-18 11:35:58 ----D---- C:\Program Files\Common Files\xing shared 2010-07-18 11:35:57 ----RD---- C:\Program Files 2010-07-18 11:25:02 ----A---- C:\ashampoo-acdw-log.txt 2010-07-08 22:18:22 ----D---- C:\Program Files\HAM 2010-07-07 21:51:58 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2010-07-06 10:26:03 ----D---- C:\Program Files\Lx_cats ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872] R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520] R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 PMHler;PMHler; C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 10240] R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2006-02-28 18101] R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-17 7168] R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [] R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [] R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys [] R2 
tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-30 1161152] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-07-14 121216] R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928] R3 btaudio;Urządzenie dźwiękowe Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061] R3 BTDriver;Sterownik do komunikacji wirtualnej Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459] R3 BTKRNL;Licznik magistrali Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474] R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-01-17 30285] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-10-12 4387328] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-09-08 51328] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SNP2STD;USB2.0 
PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 10304384] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-19 193088] R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S2 BridDfu;Access Point (AR) Device Driver; C:\WINDOWS\System32\Drivers\BridDfu.sys [] S3 BTWDNDIS;Serwer dostępu do sieci LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900] S3 catchme;catchme; \??\C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Sterownik karty Intel(R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-26 117760] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys [] S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] 
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtr magistrali AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtr magistrali AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Sterownik filtru magistrali AGP AMD; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240] S4 sisagp;Filtr magistrali AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-10-05 53248] R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe 
[2006-10-05 167936] R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984] R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2006-10-16 32768] R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2006-05-24 57344] R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2009-06-06 56680] R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2006-11-17 15872] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2006-07-14 629504] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272] R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-07-14 950272] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;„Usługa stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 lxcc_device;lxcc_device; 
C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944] S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe [2006-11-16 23552] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280] S3 WMConnectCDS;Usługa Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480] -----------------EOF----------------- [/log]

RSIT info:

[log] info.txt logfile of random's system information tool 1.08 2010-07-29 11:52:10 ======Uninstall list====== -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x15 Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Agere Systems HDA Modem-->agrsmdel Aktualizacja dla systemu Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Aktualizacja 
zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" 
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter" Championship Manager 01-02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Championship Manager 01-02\Uninst.isu" Client Security Solution-->MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1} Fingerprint Sensor Minimum Install-->MsiExec.exe /I{F9CCC3C3-F99F-4183-AF6F-F22E36D36FAB} Google Earth-->MsiExec.exe 
/I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} HAM-->C:\WINDOWS\HAM Uninstaller.exe Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Inst5657-->MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123} Integrated Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9 Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Lenovo Care Supplement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove Lenovo Care 
System Update Toolbar Button for IE-->MsiExec.exe /I{DA320635-F48C-4613-8325-D75A933C549E} Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE Matematyka-->C:\Program Files\Edukacja XXI wieku\Matematyka\Uninstall.exe Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 — pakiet języka polskiego-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PLK\install.exe Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel 
APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe Microsoft Visual C++ 2008 Express Edition - ENU-->MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738} Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350} Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06} Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D} Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Niezbędnik CD-->C:\WINDOWS\unins000.exe Nokia Connectivity Cable Driver-->MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67} OmniPass 4.00.54-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9 On Screen Display-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\HOTKEY\tphkinst.inf OpenOffice.ux.pl 3.0-->MsiExec.exe /I{4E5AFCDB-0ACA-49FA-9854-0E9E8469F33E} Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76} Pakiet sterowników systemu Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf Panda ActiveScan 2.0-->C:\Program Files\Panda 
Security\ActiveScan 2.0\as2uninst.exe PC Connectivity Solution-->MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B} PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe" PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B} Poprawka dla systemu Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove QuickTime Alternative 2.9.0-->"C:\Program Files\QuickTime Alternative\unins000.exe" RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x15 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Rescue and Recovery-->MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA} Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} Roxio Digital Media LE-->C:\swtools\apps\DigMedLE\customiz\sequencer.exe -fc:\swtools\apps\DigMedLE\customiz\uninst.seq Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Roxio 
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} save2pc Light 3.39-->"C:\Program Files\FDRLab\save2pc\unins000.exe" Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe Skype 3.1-->"C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SPSS 12.0PL for Windows-->MsiExec.exe /I{4AA61A60-6970-4a41-B644-170EBA077049} Stellarium 0.9.0-->"C:\Program Files\Stellarium\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297} ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {72005434-30E9-49D9-A5E4-D1AE5D34DB71} Windows Live Toolbar-->MsiExec.exe /X{72005434-30E9-49D9-A5E4-D1AE5D34DB71} Windows Media 
Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4} Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log" =====HijackThis Backups===== O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) [2008-08-02] ======System event log====== Computer Name: KLIMKI2 Event Code: 7036 Message: Usługa Usługa odnajdywania SSDP weszła w stan uruchomienia. Record Number: 74331 Source Name: Service Control Manager Time Written: 20100608131454.000000+120 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 7035 Message: Do usługi Usługa odnajdywania SSDP został pomyślnie wysłany kod sterowania uruchom. Record Number: 74330 Source Name: Service Control Manager Time Written: 20100608131453.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: KLIMKI2 Event Code: 7036 Message: Usługa Zgodność szybkiego przełączania użytkowników weszła w stan uruchomienia. Record Number: 74329 Source Name: Service Control Manager Time Written: 20100608131451.000000+120 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 7035 Message: Do usługi Zgodność szybkiego przełączania użytkowników został pomyślnie wysłany kod sterowania uruchom. 
Record Number: 74328 Source Name: Service Control Manager Time Written: 20100608131451.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: KLIMKI2 Event Code: 29 Message: Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne. Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego czasu. Record Number: 74327 Source Name: W32Time Time Written: 20100608131420.000000+120 Event Type: błąd User: =====Application event log===== Computer Name: KLIMKI2 Event Code: 0 Message: Service started successfully. Record Number: 7911 Source Name: SUService Time Written: 20100302065251.000000+060 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 0 Message: Record Number: 7910 Source Name: ThinkVantage Registry Monitor Service Time Written: 20100302065250.000000+060 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 0 Message: Record Number: 7909 Source Name: PMSveH Time Written: 20100302065249.000000+060 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 0 Message: Record Number: 7908 Source Name: btwdins Time Written: 20100302065249.000000+060 Event Type: informacje User: Computer Name: KLIMKI2 Event Code: 1002 Message: Powłoka systemowa została nagle zatrzymana i uruchomiono Explorer.exe. 
Record Number: 7907 Source Name: Winlogon Time Written: 20100301003354.000000+060 Event Type: informacje User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Softex\OmniPass;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------
[/log]

I'll add the GMER log later.

GMER:
[log]
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 18:34:02
Windows 5.1.2600 Dodatek Service Pack 3
Running: 1sof5h6e.exe; Driver: C:\DOCUME~1\H&K\USTAWI~1\Temp\pgddqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\cdrom.sys entry point in ".rsrc" section [0xBA186394]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Messenger\msmsgs.exe[468] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Messenger\msmsgs.exe[468] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program
Files\Skype\Phone\Skype.exe[644] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Skype\Phone\Skype.exe[644] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\vsnp2std.exe[920] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\vsnp2std.exe[920] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0096000A .text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0097000A .text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 3 Bytes JMP 0095000C .text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher + 4 7C90E480 1 Byte [84] .text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 008C000A .text C:\WINDOWS\System32\svchost.exe[1488] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00DD000A .text C:\WINDOWS\system32\taskmgr.exe[1632] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\taskmgr.exe[1632] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\Gvumua.exe[1900] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\Gvumua.exe[1900] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A .text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A .text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C .text C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe[2600] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe[2600] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2932] 
kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2932] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC000A .text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A .text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BB000C .text C:\WINDOWS\system32\rundll32.exe[3648] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\rundll32.exe[3648] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe[3828] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe[3828] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe[3840] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe[3840] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe[3880] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe[3880] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\RTHDCPL.EXE[3888] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\RTHDCPL.EXE[3888] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\system32\WLTRAY.exe[3908] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\WLTRAY.exe[3908] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\system32\igfxtray.exe[3916] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\igfxtray.exe[3916] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\WINDOWS\system32\hkcmd.exe[3928] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\hkcmd.exe[3928] kernel32.dll!TerminateThread 
7C81CB3B 1 Byte [C3] .text C:\WINDOWS\system32\igfxpers.exe[3936] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\WINDOWS\system32\igfxpers.exe[3936] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4016] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4016] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Java\jre6\bin\jusched.exe[4064] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Java\jre6\bin\jusched.exe[4064] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[4072] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[4072] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00419F81] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) 
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00419F81] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) 
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A95DEC5

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [DISABLED] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@LeaseObtainedTime 1280392065
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@T1 1280397465
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@T2 1280401515
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@LeaseTerminatesTime 1280402865
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@LeaseObtainedTime 1280392065
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@T1 1280397465
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@T2 1280401515
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@LeaseTerminatesTime 1280402865

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----
bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\f08c1885e643332baac5a23d6fdd8195_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 44 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\CREDHIST 160 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\bd499802-7b6e-4b4a-a2c5-efdf3ff6f929 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\5403f1bf-d892-43fc-be5f-b8243c8fa45f 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\b7006ce1-ce22-4799-ab8f-31d671dc4463 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane 
aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\387cdabe-8403-4b12-b135-665dc89b11cf 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\427905a6-7f67-41d7-b006-030bc0795131 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\4a698bbe-9d21-44fc-bb48-1923c87946a4 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\83c31598-adf9-4501-aadd-bc1b7c06b974 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\9746fdbd-7c1a-4108-a9d3-7dc9dbac9d3a 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\c312aae8-42a0-477d-ad51-45c75ed5f61d 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\cd528be4-5f44-463f-8de8-d254412179f0 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\f6a8510e-b660-49b9-93ce-030fd84617c1 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\fb4d237d-2fb6-4a3f-a4cb-ddecf7053b4f 388 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\Preferred 24 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane 
aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\LocalService 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Właściciel 0 bytes File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji 0 bytes File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Lenovo 0 bytes File 
C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Crypto 0 bytes File C:\Documents and Settings\H&K\Cookies\h&k@ad.yieldmanager[1].txt 0 bytes File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\AGWUYNMCAQ44YYHCAOXFJ9XCA9A6GAJCAD9H4TJCABW4JHKCAT06C4UCASCS9TDCAWOPGNOCA4X2GTXCA6EDTO0CAA9X1VPCAR2TBRECA3FOMI4CA1I63DCCAWAKY00CABARL9DCARNZ8ZWCAPVXW42CAITQVQ8 1443 bytes File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\ABOFFBUCA9UHLHJCAJ5FHXOCAW1YFN3CA4XUTLFCAHDSTBCCAIDLRDECABZU54WCAV0W3XSCA2Z3TT0CAW8THWKCAEJ3K3VCAOPDRSGCAA4EVT1CAW3T2GZCAFK31A5CAU92GC1CAY1UWK9CAZNSTQ3CA05IV43 1446 bytes File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\b239b3bf107702a6e77174164ff41f9c[2].swf 17622 bytes File C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious modification File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ---- [/log] %
Sohei commented 30 July 2010

[code]
:Processes
Explorer.exe
:OTL
PRC - [2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe
O4 - HKLM..\Run: [Fdonife] C:\WINDOWS\acoqurejadan.DLL ()
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe ()
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\winesm32.exe ( )
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun
:files
C:\WINDOWS\Yludodaqoxoqira.dat
C:\WINDOWS\Qjufipujililu.bin
C:\Documents and Settings\H&K\a.bat
C:\Documents and Settings\H&K\zkqon.exe
C:\WINDOWS\acoqurejadan.DLL
C:\Documents and Settings\H&K\u.exe
C:\Documents and Settings\H&K\s.exe
C:\Documents and Settings\H&K\r.exe
C:\Documents and Settings\H&K\a.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Paste this into OTL and click Run Fix.

Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url].

Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url].

Remove whatever they find, then post the removal logs plus a new OTL log.
klimek1313 (Author) commented 30 July 2010

Ooh, thanks. I keep scanning with Avast and something is always left behind.... But what does "paste into OTL and run fix" mean? Where do I paste it?
Sohei commented 30 July 2010

Open OTL and you will see a white box there. Paste what I wrote for you into it and click Run Fix (in the Polish version: "Wykonaj skrypt").
klimek1313 (Author) commented 1 August 2010

OK, better late... sometimes 45 MB is a big file to download.

MBAM:

[log]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Wersja bazy: 4052
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.11
2010-07-31 00:00:58
mbam-log-2010-07-31 (00-00-58).txt
Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowano obiektów: 231241
Upłynęło: 1 godzin(y), 36 minut(y), 57 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 0
Zainfekowanych plików: 10
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2std (Trojan.FakeAlert.H) -> No action taken.
Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
C:\Poker\Poker at bet365\_SetupPoker_68e0.exe (Adware.Casino) -> No action taken.
C:\2-Instalki\SetupPoker_68e0.exe (Adware.Casino) -> No action taken.
C:\2-Instalki\Gry\fifa09\Crack\rld-fi9k.exe.bc! (Malware.Packer) -> No action taken.
C:\Documents and Settings\Gościu\Dane aplikacji\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Gościu\Dane aplikacji\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\Piklib42.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\vsnp2std.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Gościu\x.exe (Worm.AutoRun.Gen) -> No action taken.
C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> No action taken.
[/log]

DRWEB: (only this..)

[log]
Proces w pamięci: C:\WINDOWS\System32\svchost.exe:1500;;BackDoor.Tdss.565;Zniszczony.;
setup.exe;C:\WINDOWS\temp\sdvt.tmp;Win32.HLLC.Asdas.7;Usunięty.;
faude.exe;c:\documents and settings\gościu;Win32.HLLC.Asdas.7;Usunięty.;
skype.exe;c:\documents and settings\gościu\ustawienia lokalne\dane aplikacji\skype\phone;Win32.HLLC.Asdas.7;Usunięty.;
[/log]

and OTL:

[log] OTL logfile created on: 2010-08-01 02:00:08 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\2-Instalki\DiagnozaSystemu Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70,18 Gb Total Space | 12,00 Gb Free Space | 17,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KLIMKI2 Current User Name: H&K Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC 
- [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RTHDCPL.exe PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2009-04-29 06:47:53 | 006,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-10-15 18:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2008-06-20 19:48:53 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\ws2_32.dll MOD - [2008-04-14 19:20:58 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:42 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:41 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:39 | 000,278,528 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\mstask.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:35 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2008-04-14 19:20:34 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:20:03 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (wuauserv) SRV - File not found [Disabled | Stopped] -- 
C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) 
[Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) 
[On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR) DRV - [2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2) DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler) DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: 
{F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-17 15:07:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M] [2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions [2009-03-07 12:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010-08-01 00:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions [2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-08-01 00:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-24 13:31:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-11-05 11:59:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008-07-06 10:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-08-02 17:46:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-12-17 15:08:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009-02-08 23:05:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-11-24 13:31:40 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009-11-24 13:31:40 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008-11-10 06:43:30 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009-11-24 13:31:50 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2004-12-14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010-03-10 06:27:46 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010-03-10 06:28:43 | 000,008,192 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2010-03-10 06:26:41 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-24 13:31:52 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\ShellBrowser: (&Łącza) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) 
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL File not found O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe File not found O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDrives = 0 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} 
http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp 
{79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk 
{79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - 
Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program 
Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll () O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - 
HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-08-01 01:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\DoctorWeb [2010-07-30 21:32:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat [2010-07-30 17:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Dane aplikacji\Malwarebytes [2010-07-30 17:16:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-07-30 17:16:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-07-30 11:39:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-30 09:07:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-07-30 09:07:31 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-07-30 09:07:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-07-30 09:07:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-07-30 09:07:27 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-07-30 09:07:27 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-07-30 09:07:26 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-07-30 09:06:54 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-07-30 09:06:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-07-30 09:06:42 | 000,000,000 | ---D 
| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit [2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL [2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA [2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia [2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:02:57 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\H&K\a.bat [2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Roboex32.dll [2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing [2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll [2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-01 01:44:54 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-08-01 01:44:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-08-01 01:44:35 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe [2010-08-01 01:44:33 | 000,056,680 | ---- | M] (Absolute Software Corp.) 
-- C:\WINDOWS\System32\rpcnet.dll [2010-08-01 01:44:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-01 01:44:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-01 01:44:20 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2010-08-01 01:43:35 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT [2010-08-01 01:43:13 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini [2010-08-01 01:42:06 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv [2010-08-01 01:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS [2010-07-31 12:39:34 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-07-31 12:39:34 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-07-31 12:39:34 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-07-31 12:39:34 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-07-31 12:39:34 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-07-31 12:18:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat [2010-07-30 21:28:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yludodaqoxoqira.dat [2010-07-30 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-07-30 09:20:30 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini [2010-07-30 09:20:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-07-30 09:20:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-30 09:07:27 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-30 09:05:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qjufipujililu.bin [2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- 
C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-28 10:02:57 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\H&K\a.bat [2010-07-28 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-07-25 09:38:45 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-01 01:42:06 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv [2010-07-29 10:57:34 | 000,000,120 | ---- | C] () -- 
C:\WINDOWS\Yludodaqoxoqira.dat [2010-07-29 10:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qjufipujililu.bin [2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll [2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll [2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll [2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll [2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll [2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll 
[2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- 
C:\WINDOWS\System32\btcss.dll.manifest [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-30 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo [2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage [2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo [2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia [2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player [2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2 [2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite [2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge [2007-06-16 03:58:56 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage [2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity [2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo [2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia [2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2 [2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\PC Suite [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage [2010-08-01 01:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log [2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-07-30 09:20:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS 
[2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log [2010-08-01 01:44:20 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log [2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000 [2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv [2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000 [2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv [2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log [2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-10-14 23:40:51 | 000,251,152 | RHS- | M] () -- C:\NTLDR [2010-08-01 01:44:19 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log [2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log [2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk [2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- 
C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft 
Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) 
MD5=EF0B20F1A502FE4C0CA03143DF35C910 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < End of report > [color=#A23BEC]< MD5 for: [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: [2004-08-04 22:00:00 | 000,004,224 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: [2004-08-04 22:00:00 | 000,049,536 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: [2004-08-04 22:00:00 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: [2004-08-04 22:00:00 | 000,182,912 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: [2005-04-01 20:35:02 | 000,505,344 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [color=#A23BEC]< MD5 for: [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\cache\ndis.sys [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (MICROSOFT CORPORATION) >[/color] [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] 
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys < End of report > [/log]
Sohei commented on 1 August 2010

We'll do it differently. Download the Flash Disinfector tool. Connect all the removable storage devices you have to the computer and run the tool. Then paste the following into OTL and click Run Fix:

[code]
:Processes
Explorer.exe
:OTL
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL File not found
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 |
:files
C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat
C:\Documents and Settings\H&K\a.bat
C:\WINDOWS\Yludodaqoxoqira.dat
C:\WINDOWS\Qjufipujililu.bin
C:\Documents and Settings\H&K\a.bat
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Repeat the scans with the programs from post 6.

SRV - File not found [Auto | Stopped] -- -- (wuauserv)

Additionally, read this thread http://forum.pcformat.pl/thread-182590.html and, following Paweł01's instructions, repair the wuauserv service (Automatic Updates).
klimek1313 (Author) commented 1 August 2010

I'm a bit scared to connect the hard drive - 320 GB. It's a disaster on there: the files aren't visible, only fake shortcuts, and the rest of the files are marked "Hidden" and that can't be changed in Properties... but oh well, too bad, I'll try... here goes nothing.
Sohei commented 1 August 2010

Before you connect it, follow this: http://x86.pl/wylaczenie-autouruchamiania-cd-dvd-usb-pendrive/
klimek1313 (Author) commented 4 August 2010

Finally:

[log]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Wersja bazy: 4052
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.11
2010-08-04 02:38:12
mbam-log-2010-08-04 (02-38-12).txt
Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowano obiektów: 227193
Upłynęło: 59 minut(y), 44 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0
Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń)[/log]

[log] Proces w pamięci: C:\Program Files\Mozilla Firefox\firefox.exe:1260;;BackDoor.Tdss.565;Zniszczony.; [/log]

[log] OTL logfile created on: 2010-08-04 13:48:33 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\2-Instalki\DiagnozaSystemu
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,18 Gb Total Space | 11,77 Gb Free Space | 16,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KLIMKI2
Current User Name: H&K
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - 
[2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-03-16 20:25:16 | 025,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype .exe PRC - [2007-03-15 22:42:34 | 001,914,824 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\RTHDCPL.exe PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (wuauserv) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) 
[Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) 
[On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [File_System | Unknown | Running] -- -- (DwProt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR) DRV - [2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2) DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler) DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program 
Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M] [2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions [2010-08-04 10:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions [2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-08-04 10:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL () O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found O4 - Startup: C:\Documents and Settings\Gościu\Menu 
Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - 
HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe () O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM 
CDRom: AutoRun - 1 O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-08-01 21:36:33 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk - C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe - File not found MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - File not found MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk - C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe - () MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe File not found MsConfig - StartUpReg: [b]ACTray[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe () MsConfig - StartUpReg: [b]ACWLIcon[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe () MsConfig - StartUpReg: [b]AGRSMMSG[/b] - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems) MsConfig - StartUpReg: [b]AMSG[/b] - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO) MsConfig - StartUpReg: [b]AzMixerSel[/b] - hkey= - key= - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) 
MsConfig - StartUpReg: [b]cssauth[/b] - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]Ddiju[/b] - hkey= - key= - C:\WINDOWS\wmacet.DLL File not found MsConfig - StartUpReg: [b]H/PC Connection Agent[/b] - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]LPManager[/b] - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) MsConfig - StartUpReg: [b]lxccmon.exe[/b] - hkey= - key= - C:\Program Files\Lexmark 3300 Series\lxccmon.exe () MsConfig - StartUpReg: [b]mSejf - monitor[/b] - hkey= - key= - C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe File not found MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe File not found MsConfig - StartUpReg: [b]OmniPass[/b] - hkey= - key= - C:\Program Files\Softex\OmniPass\ScureApp.exe () MsConfig - StartUpReg: [b]Picasa Media Detector[/b] - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) MsConfig - StartUpReg: [b]SkyTel[/b] - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
MsConfig - StartUpReg: [b]tugeb[/b] - hkey= - key= - C:\Documents and Settings\H&K\tugeb.exe File not found MsConfig - StartUpReg: [b]TVT Scheduler Proxy[/b] - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]zkqon[/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon.exe File not found MsConfig - StartUpReg: [b]zkqon [/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon .exe File not found MsConfig - StartUpReg: [b]zkqon [/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon .exe File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters 
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-08-02 06:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\AdobeUM [2010-08-02 06:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Sun [2010-08-02 06:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe [2010-08-01 21:36:33 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010-08-01 01:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\DoctorWeb [2010-07-30 17:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Dane aplikacji\Malwarebytes [2010-07-30 17:16:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-07-30 17:16:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-07-30 11:39:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-30 09:07:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-07-30 09:07:31 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-07-30 09:07:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-07-30 09:07:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-07-30 09:07:27 | 
000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-07-30 09:07:27 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-07-30 09:07:26 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-07-30 09:06:54 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-07-30 09:06:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-07-30 09:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit [2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL [2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA [2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia [2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) 
-- C:\WINDOWS\System32\Roboex32.dll [2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing [2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll [2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-08-04 13:45:58 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb4082010.csv [2010-08-04 13:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2010-08-04 09:38:26 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT [2010-08-04 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-08-03 18:50:56 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job [2010-08-03 18:50:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-08-03 18:50:19 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe [2010-08-03 18:50:16 | 000,056,680 | ---- | M] (Absolute Software Corp.) 
-- C:\WINDOWS\System32\rpcnet.dll [2010-08-03 18:50:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-08-03 18:50:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-08-03 18:50:05 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2010-08-03 12:39:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini [2010-08-03 12:38:50 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-08-02 09:19:19 | 000,005,006 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWebq.csv [2010-08-01 21:47:43 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-01 21:47:43 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-01 21:47:43 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-01 21:47:43 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-01 21:47:43 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-01 10:22:58 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini [2010-08-01 10:22:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-08-01 10:22:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-08-01 01:42:06 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv [2010-07-30 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job [2010-07-30 09:07:27 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- 
C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-08-04 13:45:58 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb4082010.csv [2010-08-02 09:19:19 | 000,005,006 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWebq.csv [2010-08-01 01:42:06 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv [2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe [2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe [2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll 
[2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll [2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll [2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll [2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll [2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll [2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini [2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- 
C:\WINDOWS\System32\IVIresizeM6.dll [2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys [2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-30 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo [2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo 
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage [2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo [2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia [2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player [2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2 [2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite [2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage [2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity [2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech [2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo [2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia [2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl [2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2 [2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera [2008-03-25 11:49:20 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\PC Suite [2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage [2010-08-04 13:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log [2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010-08-01 10:22:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log [2010-08-03 18:50:05 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log [2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000 [2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv [2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000 [2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv [2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log [2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log [2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-10-14 23:40:51 | 000,251,152 | 
RHS- | M] () -- C:\NTLDR [2010-08-03 18:50:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log [2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log [2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk [2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] 
(Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys [2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft 
< End of report >
[/log]

These logs are a bit thin, there's probably not much in them, right?

The remaining problems:
- the backdoor: is something still crawling in from the net? Because Avast keeps shouting that something wants to run suspicious applications
- when copying files, when I hover the mouse and click "Copy", Windows closes explorer.exe on me. The same with Paste
- most important: on the external drive, which I scanned, I still can't see any files, even when I switch to Show hidden. But they are there, 100 GB is in use and they must be there, because I have photos from the last 6 years on it.......
Tomek01 commented 5 August 2010

Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]

In the "input script here" field, paste this text:

[code]
Files to delete:
C:\Documents and Settings\H&K\zkqon.exe
C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe
C:\WINDOWS\wmacet.DLL

Drivers to delete:
5DR8ZAD8GX
Ddiju
foundzkqon
[/code]

Click Execute; the computer restarts and generates a removal report, which I would like to see. Plus new OTL and RSIT logs.

Scan this file on VirusTotal for me; it shows a fresh modification:

C:\WINDOWS\System32\rpcnet.dll