ComboFix log

klimek1313

Hi,
my laptop has fallen apart: when I work on the guest account, faude.exe starts up and cannot be removed. It can't be removed from the program manager, and it doesn't show up under Startup when I run msconfig. On top of that, explorer.exe keeps restarting every so often "to protect data". On the administrator account, zkqon.exe is eating the CPU... ugh, please help, I'm away on a work trip and the laptop is my only contact with home.
Thanks
Here is the ComboFix log:
[log]
ComboFix 09-07-01.01 - H&K 2010-07-28 18:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2550.2096 [GMT 2:00]
Uruchomiony z: c:\2-instalki\DiagnozaSystemu\ComboFix.exe
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\H&K\USTAWI~1\Temp\Del2.tmp
c:\windows\010112010146118114.dat

.
((((((((((((((((((((((((( Pliki utworzone od 2010-06-28 do 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 10:01 . 2010-07-28 10:02 -------- d-----w- C:\_SMA
2010-07-28 08:09 . 2010-07-28 08:09 -------- d-----w- c:\documents and settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
2010-07-28 08:05 . 2010-07-28 08:04 194560 ----a-w- c:\windows\Gvumua.exe
2010-07-28 08:02 . 2010-07-28 08:02 108 ----a-w- c:\documents and settings\H&K\a.bat
2010-07-28 08:02 . 2010-07-28 08:02 131072 --sh--r- c:\documents and settings\H&K\zkqon.exe
2010-07-28 08:02 . 2010-07-28 06:51 73728 ----a-w- c:\documents and settings\H&K\u.exe
2010-07-28 08:02 . 2010-07-28 06:47 117760 ----a-w- c:\documents and settings\H&K\s.exe
2010-07-28 08:02 . 2010-07-28 06:28 73728 ----a-w- c:\documents and settings\H&K\r.exe
2010-07-28 08:02 . 2010-07-28 06:09 131072 ----a-w- c:\documents and settings\H&K\a.exe
2010-07-18 09:35 . 2010-07-18 09:35 -------- d-----w- c:\program files\Xing
2010-07-18 09:35 . 1998-12-16 10:08 317952 ----a-w- c:\windows\system32\Roboex32.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 16:35 . 2009-07-16 05:16 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-28 16:35 . 2008-11-07 15:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-28 10:15 . 2007-06-16 09:02 89144 ----a-w- c:\windows\system32\perfc015.dat
2010-07-28 10:15 . 2007-06-16 09:02 500720 ----a-w- c:\windows\system32\perfh015.dat
2010-07-28 10:02 . 2010-03-05 03:21 -------- d-----w- c:\documents and settings\H&K\Dane aplikacji\Skype
2010-07-24 23:08 . 2007-06-16 01:50 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-07-18 09:35 . 2009-02-20 17:32 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-08 20:18 . 2007-11-07 15:24 -------- d-----w- c:\program files\HAM
2010-07-06 08:41 . 2009-01-09 13:53 1 ----a-w- c:\documents and settings\H&K\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys
2010-07-06 08:26 . 2007-11-22 10:29 -------- d-----w- c:\program files\Lx_cats
2010-06-06 03:38 . 2009-07-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2003-11-16 22:18 . 2009-09-11 15:38 172032 ----a-r- c:\program files\Matematyka.exe
2003-11-16 22:18 . 2009-09-11 15:38 380928 ----a-r- c:\program files\Piklib42.dll
2003-08-12 13:53 . 2009-09-11 15:38 159744 ----a-r- c:\program files\Uninstall.exe
2002-06-20 14:22 . 2009-09-11 15:38 51 ----a-r- c:\program files\am.url
2000-06-06 19:05 . 2009-09-11 15:38 142 ----a-r- c:\program files\Matematyka.ini
2000-05-22 10:30 . 2009-09-11 15:38 5054880 ----a-r- c:\program files\m1.wav
2000-05-22 10:30 . 2009-09-11 15:38 3178396 ----a-r- c:\program files\m2.wav
2000-05-22 10:30 . 2009-09-11 15:38 3226364 ----a-r- c:\program files\m3.wav
2000-05-22 10:30 . 2009-09-11 15:38 3973400 ----a-r- c:\program files\m4.wav
2000-05-22 10:29 . 2009-09-11 15:38 1680256 ----a-r- c:\program files\m5.wav
.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_06.14.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-16 09:04 . 2008-04-14 17:20 73728 c:\windows\wmacet.dll
+ 2007-11-06 20:51 . 2007-11-06 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 20:51 . 2007-11-06 20:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2005-09-22 23:16 . 2005-09-22 23:16 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 23:16 . 2005-09-22 23:16 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2009-10-09 14:06 . 2009-10-09 14:07 26483 c:\windows\unins001.dat
+ 2010-07-28 16:35 . 2010-07-28 16:35 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2009-11-26 16:04 . 1995-08-03 15:06 12800 c:\windows\system32\WING32.DLL
+ 2009-11-26 16:04 . 1995-08-03 15:06 92208 c:\windows\system32\WING.DLL
+ 2007-10-09 10:58 . 2007-10-09 10:58 16896 c:\windows\system32\tswpfwrp.exe
+ 2009-07-06 07:27 . 2007-03-22 18:54 35840 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-07-06 07:27 . 2007-03-22 18:24 28160 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-07-06 07:27 . 2006-06-29 11:07 14048 c:\windows\system32\spmsg2.dll
- 2008-10-29 13:13 . 2008-11-07 15:32 17408 c:\windows\system32\rpcnetp.dll
+ 2008-10-29 13:13 . 2009-07-16 05:16 17408 c:\windows\system32\rpcnetp.dll
+ 2009-11-26 18:22 . 1995-11-25 10:36 76288 c:\windows\system32\RLDDI.DLL
+ 2009-11-26 17:14 . 1995-11-25 10:36 76288 c:\windows\system32\RLDDF.DLL
+ 2007-10-09 11:03 . 2007-10-09 11:03 33304 c:\windows\system32\PresentationHostProxy.dll
+ 2007-06-16 09:02 . 2010-07-28 10:15 71506 c:\windows\system32\perfc009.dat
+ 2007-10-11 07:55 . 2007-10-11 07:55 88576 c:\windows\system32\infocardapi.dll
+ 2008-01-18 07:33 . 2009-10-21 16:45 33792 c:\windows\system32\identprv.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 11776 c:\windows\system32\icardres.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 73752 c:\windows\system32\dxva2.dll
+ 2006-11-06 16:04 . 2006-11-06 16:04 28672 c:\windows\system32\drivers\wceusbsh.sys
- 2008-02-23 02:38 . 2008-02-23 02:38 43872 c:\windows\system32\drivers\pxhelp20.sys
+ 2008-11-20 19:19 . 2008-11-20 19:19 43872 c:\windows\system32\drivers\pxhelp20.sys
+ 2009-08-21 07:30 . 2008-06-19 15:24 28544 c:\windows\system32\drivers\pavboot.sys
+ 2006-11-06 16:04 . 2006-11-06 16:04 28672 c:\windows\system32\dllcache\wceusbsh.sys
+ 2007-03-22 18:24 . 2007-03-22 18:24 28160 c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
- 2007-06-16 01:47 . 2009-07-02 06:12 65536 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-16 01:47 . 2010-07-28 16:35 65536 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-16 01:47 . 2010-07-28 16:35 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-06-16 01:47 . 2009-07-02 06:12 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2007-06-16 01:47 . 2009-07-02 06:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-06-16 01:47 . 2010-07-28 16:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-11-13 13:56 . 2006-11-13 13:56 23336 c:\windows\system32\ceutil.dll
+ 2009-11-26 16:04 . 2009-09-23 20:07 12800 c:\windows\system\WING32.DLL
+ 2009-11-26 16:04 . 2009-09-23 20:07 92208 c:\windows\system\WING.DLL
+ 2007-11-07 17:02 . 2007-11-07 17:02 71160 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2007-11-07 17:02 . 2007-11-07 17:02 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2007-11-07 17:02 . 2007-11-07 17:02 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2052.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1042.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 95736 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1041.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 90104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1028.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 83456 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2052.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 93696 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1042.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 96768 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1041.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1028.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\DeleteTemp.exe
+ 2007-11-07 17:02 . 2007-11-07 17:02 28672 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2007-11-07 17:02 . 2007-11-07 17:02 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2007-11-07 17:02 . 2007-11-07 17:02 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2007-10-09 10:58 . 2007-10-09 10:58 14848 c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 10:58 . 2007-10-09 10:58 36864 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 10:58 . 2007-10-09 10:58 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 76312 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-06 01:18 . 2007-10-06 01:18 16936 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-11 07:55 . 2007-10-11 07:55 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 11264 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 61440 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2009-10-09 13:56 . 2009-10-09 14:03 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2009-10-09 13:56 . 2009-10-09 14:03 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2009-07-06 08:02 . 2009-07-06 08:02 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519\UIAutomationProvider.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fbcb343f14b7a8940d8cd2cb41d6d23a\System.Windows.Presentation.ni.dll
+ 2009-07-06 07:37 . 2009-07-06 07:37 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2009-07-06 07:53 . 2009-07-06 07:53 40960 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 90112 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f0ec6afa0c80c2626409b1c0a2f77cb4\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8acff37d1532e69ddd3d18c091f52541\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\d46c1a7621e75f35ca8e52f1d99b4885\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b853ec09162fa93757d7bbb0d5435f4e\Microsoft.Build.Framework.ni.dll
+ 2009-07-06 07:51 . 2009-07-06 07:51 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\31e3fd56254057628ba95a80bf0d1617\MetaGen.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 45056 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\4ef61b4662062db98febc5026bcb27db\EnvDTE90.ni.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 81920 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 86016 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 32768 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 10240 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 40960 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 40960 c:\windows\assembly\GAC_MSIL\msddslmp\8.0.0.0__b03f5f7f11d50a3a\msddslmp.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 65536 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.9.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 12288 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.XmlEditor\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.XmlEditor.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 73728 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 16384 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WCFReference.Interop\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WCFReference.Interop.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 16384 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 15872 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 15872 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.WCF\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.WCF.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 19456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.9.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 13824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Core\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Core.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 40960 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.VSCodeProvider\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.VSCodeProvider.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 69632 c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 87040 c:\windows\assembly\GAC_32\Microsoft.VisualC.VSCodeParser\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.VSCodeParser.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 12288 c:\windows\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop90.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 49152 c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 73728 c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 19968 c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 12800 c:\windows\assembly\GAC\Microsoft.VisualStudio.VCProject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCProject.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 57344 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 40960 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.9.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 69632 c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 18944 c:\windows\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\envdte90.dll
+ 2009-09-11 15:40 . 2003-05-15 10:36 32768 c:\windows\AM\globalUninst.exe
+ 2009-11-26 16:04 . 1995-08-03 15:06 6736 c:\windows\system32\WINGDIB.DRV
+ 2009-11-03 00:51 . 2009-11-03 00:51 9728 c:\windows\system32\wceprv.dll
+ 2008-09-02 05:21 . 2001-08-18 06:34 8192 c:\windows\system32\spool\drivers\w32x86\3\hpcstr.dll
+ 2009-02-20 17:32 . 2010-03-10 04:26 5632 c:\windows\system32\pndx5032.dll
- 2009-02-20 17:32 . 2009-02-20 17:32 5632 c:\windows\system32\pndx5032.dll
- 2009-02-20 17:32 . 2009-02-20 17:32 6656 c:\windows\system32\pndx5016.dll
+ 2009-02-20 17:32 . 2010-03-10 04:26 6656 c:\windows\system32\pndx5016.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 2560 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll
+ 2009-07-06 07:33 . 2009-07-06 07:33 5120 c:\windows\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\VSLangProj90.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 7680 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.9.0.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 6656 c:\windows\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 868864 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_597c3456\msvcp90d.dll
+ 2007-11-06 18:24 . 2007-11-06 18:24 311808 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_597c3456\msvcm90d.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 18:23 . 2007-11-06 18:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-10-09 14:06 . 2009-10-09 14:06 709641 c:\windows\unins001.exe
+ 2007-10-09 11:03 . 2007-10-09 11:03 308760 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-03-23 04:07 . 2007-03-23 04:07 583504 c:\windows\system32\XPSSHHDR.dll
+ 2009-11-26 16:04 . 1995-08-03 15:06 188960 c:\windows\system32\WINGDE.DLL
+ 2007-10-09 11:03 . 2007-10-09 11:03 161304 c:\windows\system32\UIAutomationCore.dll
+ 2009-07-06 07:27 . 2007-03-22 18:24 762880 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-07-06 07:27 . 2007-03-22 18:24 762880 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-07-06 07:27 . 2007-03-22 18:53 746496 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-07-06 07:27 . 2007-03-22 18:53 746496 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-22 18:25 . 2007-03-22 18:25 677376 c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2007-07-22 11:05 . 2007-03-22 19:03 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2007-07-22 11:05 . 2007-05-15 08:08 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-10-18 17:50 . 2005-06-25 12:16 480256 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2009-10-18 17:50 . 2005-06-25 12:16 138240 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2007-03-22 18:24 . 2007-03-22 18:24 131584 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 18:24 . 2007-03-22 18:24 762880 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2008-09-02 05:20 . 2001-08-18 06:34 136192 c:\windows\system32\spool\drivers\w32x86\3\hpcfont.dll
+ 2009-02-20 17:32 . 2010-03-10 04:27 185920 c:\windows\system32\rmoc3260.dll
+ 2006-08-24 14:15 . 2006-08-24 14:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2006-11-13 13:57 . 2006-11-13 13:57 138024 c:\windows\system32\rapi.dll
+ 2007-03-22 18:25 . 2007-03-22 18:25 124928 c:\windows\system32\prntvpt.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 779800 c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 350744 c:\windows\system32\PresentationHost.exe
+ 2007-10-09 11:03 . 2007-10-09 11:03 106520 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
- 2009-02-20 17:32 . 2009-02-20 17:32 278528 c:\windows\system32\pncrt.dll
+ 2009-02-20 17:32 . 2010-03-10 04:23 278528 c:\windows\system32\pncrt.dll
+ 2007-06-16 09:02 . 2010-07-28 10:15 441822 c:\windows\system32\perfh009.dat
+ 2007-10-11 07:55 . 2007-10-11 07:55 579584 c:\windows\system32\icardagt.exe
+ 2007-06-16 09:02 . 2009-07-07 05:14 129296 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-09 11:03 . 2007-10-09 11:03 493080 c:\windows\system32\evr.dll
+ 2007-03-23 04:07 . 2007-03-23 04:07 583504 c:\windows\system32\dllcache\XPSSHHDR.dll
+ 2007-03-22 18:25 . 2007-03-22 18:25 677376 c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
+ 2007-06-16 09:03 . 2005-02-18 03:59 226816 c:\windows\system32\dllcache\CEWMDM.dll
+ 2007-06-16 09:03 . 2005-02-18 03:59 226816 c:\windows\system32\CEWMDM.dll
+ 2007-10-19 00:58 . 2007-10-19 00:58 182288 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2007-11-07 17:02 . 2007-11-07 17:02 794624 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 982008 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapUI.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.3082.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2070.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1055.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1053.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1049.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1046.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1045.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1044.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1043.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1040.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1038.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1037.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1036.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1035.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1032.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1031.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1030.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1029.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1025.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 687104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsscenario.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 411136 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsbasereqs.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 627712 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs70uimgr.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 109568 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 130560 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.3082.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2070.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 119808 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1055.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 120320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1053.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1049.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1046.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 126976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1045.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 120320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1044.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 127488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1043.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 127488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1040.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1038.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1037.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1036.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 120832 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1035.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 136192 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1032.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 129536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1031.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1030.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 124416 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1029.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 112128 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1025.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
+ 2007-11-07 14:26 . 2007-11-07 14:26 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\HtmlLite.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 276472 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\dlmgr.dll
+ 2007-11-07 17:00 . 2007-11-07 17:00 210834 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\baseline.dat
+ 2007-11-07 17:02 . 2007-11-07 17:02 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2007-11-07 17:02 . 2007-11-07 17:02 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2007-10-09 10:58 . 2007-10-09 10:58 897024 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 121368 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-08-05 20:30 . 2007-08-05 20:30 797696 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 143360 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 07:55 . 2007-10-11 07:55 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 929792 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 122880 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-11 07:55 . 2007-10-11 07:55 102400 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 151552 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 864256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-11 07:55 . 2007-10-11 07:55 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2010-02-01 02:26 . 1998-10-29 15:45 306688 c:\windows\IsUninst.exe
+ 2009-04-17 06:59 . 2009-04-17 06:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
+ 2009-07-06 08:02 . 2009-07-06 08:02 270336 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9\WindowsFormsIntegration.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122\UIAutomationTypes.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2e5aa36c753a605bdefb97ab83e8806\UIAutomationClient.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 458752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0e1c79174260c4e2bf159a2cc1d77338\System.Xml.Linq.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1e0ce08988c4cd1659caa7981b4c60fc\System.Web.Extensions.Design.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\3cefb375df4f668badf6dc74f3288960\System.Net.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 356352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\0c0688825a79e72951210318eef63c82\System.Management.Instrumentation.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 417792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e1e6aa5272543f1d9dad98be897b693e\System.IO.Log.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 241664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\492d16599426c7ab35ad2c499a9d4ae6\System.IdentityModel.Selectors.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 937984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11892d4e65aaa4f475af5608b9497007\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c014bb2f4ee4bf27c65ce1d1d78d750c\System.Data.DataSetExtensions.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\514e98c9aa203a2983cbf329753cb9c3\System.AddIn.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\eeb4d1669350e6eb17e48b867655aeba\System.AddIn.Contract.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 323584 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
+ 2009-07-06 07:52 . 2009-07-06 07:52 299008 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e\SMDiagnostics.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
+ 2009-07-06 07:38 . 2009-07-06 07:38 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 274432 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 552960 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
+ 2009-07-06 07:53 . 2009-07-06 07:53 942080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8b1110e7e4135c16c80b28c20c936c21\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 569344 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6166e3fc3f2c2c05e46db41cd3276cd6\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4f9a6decb1ddfe8fce793dca691f9728\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 315392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\46dc1ade48ce95e87fdd6f7697fa4af1\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3712627e5b7d9400e3734fc816cb9b60\Microsoft.VisualStudio.Configuration.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\217108b36750d84f0d1608ef0a7a5e09\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 901120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\09fff63fc30e6f0777d755700193c229\Microsoft.VisualStudio.Shell.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\da5206e4c016dbdb944957d0046d7869\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d097b5a3c886d0c3b053f46b7a310501\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\f6a0413820cfe5b04051b079dc13acd3\EnvDTE80.ni.dll
+ 2009-07-06 07:51 . 2009-07-06 07:51 589824 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\8650892be322380fef81e7671b3863c7\EnvDTE.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 503808 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
+ 2009-07-06 07:28 . 2009-07-06 07:28 372736 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 163840 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 517152 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 578592 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 327680 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 496672 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 159744 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 929792 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 139264 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 282624 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 667648 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 663552 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 159744 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 102400 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 897024 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 151552 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 376832 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 131072 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 184320 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 602112 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 139264 c:\windows\assembly\GAC_MSIL\msddsp\9.0.0.0__b03f5f7f11d50a3a\msddsp.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 274432 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 552960 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 368640 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 184320 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 356352 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.9.0\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.9.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 344064 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService.9.0\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.9.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 557056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 200704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Services\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Services.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 172032 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Framework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Framework.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 794624 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 737280 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-07-06 07:31 . 2009-07-06 07:31 102400 c:\windows\assembly\GAC_MSIL\CppCodeProvider\8.0.0.0__b03f5f7f11d50a3a\CppCodeProvider.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 346624 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 151552 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 143360 c:\windows\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCProjectEngine.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 106496 c:\windows\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCCodeModel.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 114688 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 249856 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 172032 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 118784 c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 126976 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.InteropA.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 176128 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2009-07-06 07:31 . 2009-07-06 07:31 245760 c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
+ 2007-06-16 09:04 . 2008-04-14 17:20 198144 c:\windows\acoqurejadan.dll
+ 2009-10-09 13:57 . 2004-11-18 08:45 371936 c:\windows\$NtUninstallKB894476$\spuninst\updspapi.dll
+ 2009-10-09 13:57 . 2004-11-18 08:44 209632 c:\windows\$NtUninstallKB894476$\spuninst\spuninst.exe
+ 2009-10-09 13:57 . 2005-01-28 11:44 164864 c:\windows\$NtUninstallKB894476$\cewmdm.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_597c3456\msvcr90d.dll
+ 2005-09-22 23:16 . 2005-09-22 23:16 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16 . 2005-09-22 23:16 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\XpsSvcs.dll
+ 2009-07-06 07:27 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-07-06 07:27 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-07-06 07:27 . 2007-03-22 18:59 2932224 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-07-06 07:27 . 2007-03-22 18:59 2932224 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2007-10-09 11:03 . 2007-10-09 11:03 1986072 c:\windows\system32\milcore.dll
+ 2009-05-01 18:30 . 2009-05-01 18:30 3366912 c:\windows\system32\GPhotos.scr
+ 2007-03-23 04:07 . 2007-03-23 04:07 1683280 c:\windows\system32\dllcache\XpsSvcs.dll
+ 2007-11-07 17:02 . 2007-11-07 17:02 1710584 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2007-11-07 14:26 . 2007-11-07 14:26 1045504 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 1361920 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\SITSetup.dll
+ 2007-11-07 14:26 . 2007-11-07 14:26 1059328 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll
+ 2007-11-07 17:02 . 2007-11-07 17:02 1545720 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2007-08-05 20:30 . 2007-08-05 20:30 2628608 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2007-08-05 20:30 . 2007-08-05 20:30 4874240 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2007-10-11 07:55 . 2007-10-11 07:55 5971968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2009-07-06 07:37 . 2009-07-06 07:37 3395584 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 1531904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\4b5a5ae7e0127bc7198e25e642a93657\System.WorkflowServices.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 2088960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378\System.Workflow.Runtime.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 4579328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0\System.Workflow.ComponentModel.ni.dll
+ 2009-07-06 08:02 . 2009-07-06 08:02 3084288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e53994294a9806e82eec3da5a92df440\System.Web.Extensions.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 2039808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 1556480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b500bb89ae2cc514f4b1c34e5fa26d75\System.ServiceModel.Web.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 2445312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23\System.Runtime.Serialization.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 1134592 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 1064960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3\System.IdentityModel.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 2588672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b764aeb88006085c9cc4202662de94f6\System.Data.Linq.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\11a9cf08e5bb06e0770b2b6bbe06df39\System.Core.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 1581056 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 1982464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1e813f823db2682c27f52c57dd36ee10\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 1232896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll
+ 2009-07-06 08:01 . 2009-07-06 08:01 2441216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19fcf0383bc2340da2d15e1370ef0990\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-07-06 07:53 . 2009-07-06 07:53 1892352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\1cfe3ed0c5b5f63d49185967fa4bfe17\Microsoft.Build.Engine.ni.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 1204224 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 1635376 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 1152040 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-07-06 07:29 . 2009-07-06 07:29 1253376 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 5971968 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 5210112 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 4386816 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 2711552 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll
+ 2009-07-06 07:28 . 2009-07-06 07:28 4174336 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-07-06 07:32 . 2009-07-06 07:32 1712128 c:\windows\assembly\GAC_32\mscorcfg\3.5.0.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-07-06 07:34 . 2009-07-06 07:34 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-07-06 07:52 . 2009-07-06 07:52 18071552 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\350903c091629396c08742c996c1caba\System.ServiceModel.ni.dll
+ 2009-07-06 07:38 . 2009-07-06 07:38 15036416 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2009-07-06 07:37 . 2009-07-06 07:37 12570624 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-16 25268264]
"Ddiju"="c:\windows\wmacet.dll" [2008-04-14 73728]
"zkqon"="c:\documents and settings\H&K\zkqon.exe" [2010-07-28 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"Fdonife"="c:\windows\acoqurejadan.dll" [2008-04-14 198144]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-10-11 16267776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-10-16 12:30 49152 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk]
path=c:\documents and settings\H&K\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.0.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
path=c:\documents and settings\H&K\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Gościu\\Ustawienia lokalne\\Dane aplikacji\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-08-21 28544]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 BridDfu;Access Point (AR) Device Driver;c:\windows\system32\Drivers\BridDfu.sys --> c:\windows\system32\Drivers\BridDfu.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ZioVeG.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}]
\Shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-28 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-07-28 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Gvumua.exe [2010-07-28 08:04]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-5DR8ZAD8GX - c:\docume~1\H&K\USTAWI~1\Temp\Gc0.exe


.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mks.com.pl\www
FF - ProfilePath - c:\documents and settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: XULRunner: {F04FB01E-B108-4183-BEFC-024138D741B1} - c:\documents and settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 18:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\tphklock.dll
.
Czas ukończenia: 2010-07-28 18:45
ComboFix-quarantined-files.txt 2010-07-28 16:45
ComboFix2.txt 2009-07-02 06:16
ComboFix3.txt 2008-08-02 15:41

Przed: 13 146 841 088 bajtów wolnych
Po: 13 557 374 976 bajtów wolnych

579 --- E O F --- 2009-06-10 22:51
[/log]

Sohei
comment

Post logs from these programs:
[url=http://oldtimer.geekstogo.com/OTL.exe][b][color=blue]OTL[/color][/b][/url]
Set [b]Processes[/b] and [b]Modules[/b] to [b]All[/b], and in [b]Custom Scans/Fixes[/b] paste:
[quote]netsvcs
msconfig
safebootminimal
safebootnetwork
%systemdrive%\*.*[/quote]

[url=http://images.malwareremoval.com/random/RSIT.exe][b][color=blue]RSIT[/color][/b][/url]
[url=http://www.gmer.net/][b][color=blue]Gmer[/color][/b][/url]

klimek1313
comment (edited)

ok, and how do I make the logs open in that narrow box? here on the forum?

Sohei
comment

in the [log^] [/log] tag (without the ^ character)

klimek1313
comment (edited)

OTL:
[log]
OTL logfile created on: 2010-07-29 18:36:23 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\H&K\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,18 Gb Total Space | 12,64 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KLIMKI2
Current User Name: H&K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe
PRC - [2010-07-28 10:04:29 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Gvumua.exe
PRC - [2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe
PRC - [2010-03-10 06:23:22 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009-04-25 07:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-11-10 06:43:42 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:44 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [mi]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 19:21:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-03-16 20:25:16 | 025,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2007-03-15 22:42:34 | 001,914,824 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006-08-21 23:54:08 | 000,033,128 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006-07-10 20:33:00 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2006-05-08 03:34:06 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
PRC - [2006-04-20 00:29:44 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004-07-27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe
MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,198,144 | ---- | M] () -- C:\WINDOWS\acoqurejadan.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR)
DRV - [2010-07-25 01:08:51 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M]

[2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions
[2010-07-29 10:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions
[2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-07-29 10:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Fdonife] C:\WINDOWS\acoqurejadan.DLL ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL (MaresWEB)
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe ()
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\winesm32.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk - C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk - C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe - ()
MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe File not found
MsConfig - StartUpReg: [b]ACTray[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe ()
MsConfig - StartUpReg: [b]ACWLIcon[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
MsConfig - StartUpReg: [b]AGRSMMSG[/b] - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: [b]AMSG[/b] - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
MsConfig - StartUpReg: [b]AzMixerSel[/b] - hkey= - key= - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]cssauth[/b] - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
MsConfig - StartUpReg: [b]H/PC Connection Agent[/b] - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]LPManager[/b] - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: [b]lxccmon.exe[/b] - hkey= - key= - C:\Program Files\Lexmark 3300 Series\lxccmon.exe ()
MsConfig - StartUpReg: [b]mSejf - monitor[/b] - hkey= - key= - C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe File not found
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]OmniPass[/b] - hkey= - key= - C:\Program Files\Softex\OmniPass\ScureApp.exe ()
MsConfig - StartUpReg: [b]Picasa Media Detector[/b] - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: [b]SkyTel[/b] - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: [b]tugeb[/b] - hkey= - key= - C:\Documents and Settings\H&K\tugeb.exe File not found
MsConfig - StartUpReg: [b]TVT Scheduler Proxy[/b] - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - StartUpReg: [b]zkqon[/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-29 11:33:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe
[2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA
[2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
[2010-07-28 10:05:21 | 000,194,560 | ---- | C] (Electronic Arts, Inc.) -- C:\WINDOWS\Gvumua.exe
[2010-07-28 10:02:18 | 000,117,760 | ---- | C] (Electronic Arts) -- C:\Documents and Settings\H&K\s.exe
[2010-07-28 10:02:18 | 000,073,728 | ---- | C] (MaresWEB) -- C:\Documents and Settings\H&K\u.exe
[2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Roboex32.dll
[2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing
[2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-07-29 18:36:33 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
[2010-07-29 18:05:14 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-07-29 16:50:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yludodaqoxoqira.dat
[2010-07-29 11:46:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe
[2010-07-29 11:40:37 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\RSIT.exe
[2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\H&K\Pulpit\OTL.exe
[2010-07-29 10:57:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qjufipujililu.bin
[2010-07-29 01:22:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-07-29 01:22:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-07-29 01:08:34 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010-07-29 01:08:32 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010-07-29 01:08:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-29 01:08:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-29 01:08:22 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2010-07-28 18:54:25 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT
[2010-07-28 18:54:25 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini
[2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-28 18:42:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-28 12:15:58 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-28 12:15:58 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-07-28 12:15:58 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-28 12:15:58 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-07-28 12:15:58 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-28 12:02:33 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-28 12:02:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-28 10:04:29 | 000,194,560 | ---- | M] (Electronic Arts, Inc.) -- C:\WINDOWS\Gvumua.exe
[2010-07-28 10:02:57 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\H&K\a.bat
[2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe
[2010-07-28 08:51:06 | 000,073,728 | ---- | M] (MaresWEB) -- C:\Documents and Settings\H&K\u.exe
[2010-07-28 08:47:19 | 000,117,760 | ---- | M] (Electronic Arts) -- C:\Documents and Settings\H&K\s.exe
[2010-07-28 08:28:12 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\H&K\r.exe
[2010-07-28 08:09:24 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\H&K\a.exe
[2010-07-28 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-07-25 12:42:32 | 007,972,034 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip.part
[2010-07-25 12:42:32 | 007,524,914 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip.part
[2010-07-25 12:15:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip
[2010-07-25 12:15:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip
[2010-07-25 09:38:45 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-07-25 01:08:51 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010-07-23 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-29 18:04:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-07-29 11:42:18 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe
[2010-07-29 11:38:44 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\RSIT.exe
[2010-07-29 10:57:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yludodaqoxoqira.dat
[2010-07-29 10:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qjufipujililu.bin
[2010-07-28 10:02:57 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\H&K\a.bat
[2010-07-28 10:02:52 | 000,131,072 | RHS- | C] () -- C:\Documents and Settings\H&K\zkqon.exe
[2010-07-28 10:02:18 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\H&K\a.exe
[2010-07-28 10:02:18 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\H&K\r.exe
[2010-07-25 12:15:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip
[2010-07-25 12:15:26 | 007,972,034 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-misc-4.2.3.zip.part
[2010-07-25 12:15:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip
[2010-07-25 12:15:12 | 007,524,914 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\allegro-msvc9-4.2.3.zip.part
[2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe
[2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll
[2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll
[2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll
[2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini
[2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-06-16 11:04:31 | 000,198,144 | ---- | C] () -- C:\WINDOWS\acoqurejadan.dll
[2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
[2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage
[2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo
[2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia
[2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player
[2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2
[2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite
[2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage
[2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity
[2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo
[2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia
[2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2
[2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\PC Suite
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage
[2010-07-29 18:36:33 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
[2010-07-29 18:05:14 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-07-28 12:02:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log
[2010-07-29 01:08:22 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log
[2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000
[2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
[2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000
[2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv
[2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log
[2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-14 23:40:51 | 000,251,152 | RHS- | M] () -- C:\NTLDR
[2010-07-29 01:08:21 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log
[2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk
[2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
[2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=EF0B20F1A502FE4C0CA03143DF35C910 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< End of report >
[/log]

RSIT log:
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by H&K at 2010-07-29 11:48:45
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 13 GB (18%) free of 72 GB
Total RAM: 2550 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-07-14 719616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe [2006-05-08 94208]
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2006-04-20 24576]
"PMHandler"=C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2006-08-21 33128]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-11 16267776]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-12 1282048]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-07-10 675840]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-10 202256]
"Fdonife"=C:\WINDOWS\acoqurejadan.dll [2008-04-14 198144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-03-16 25268264]
"Ddiju"=C:\WINDOWS\wmacet.dll [2008-04-14 73728]
"zkqon"=C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5DR8ZAD8GX]
C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-10-05 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-10-05 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2005-11-22 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-01-25 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2006-07-03 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mSejf - monitor]
C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Program Files\Softex\OmniPass\scureapp.exe [2006-10-16 2502656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-19 774233]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tugeb]
C:\Documents and Settings\H&K\tugeb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2006-07-14 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zkqon]
C:\Documents and Settings\H&K\zkqon.exe [2010-07-28 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-06-30 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2006-01-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
C:\PROGRA~1\OPENOF~1.PL3\program\QUICKS~1.EXE [2008-10-18 17408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2006-10-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2006-01-11 13824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe"="C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe:*:Enabled:HTTP-Tunnel Client"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\Gościu\Ustawienia lokalne\Dane aplikacji\Skype\Phone\Skype.exe"="C:\Documents and Settings\Gościu\Ustawienia lokalne\Dane aplikacji\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-07-29 11:48:45 ----D---- C:\rsit
2010-07-29 11:47:30 ----D---- C:\_OTL
2010-07-28 18:45:19 ----A---- C:\ComboFix.txt
2010-07-28 12:01:06 ----D---- C:\_SMA
2010-07-28 10:05:21 ----A---- C:\WINDOWS\Gvumua.exe
2010-07-18 11:35:57 ----D---- C:\Program Files\Xing
2010-07-18 11:35:57 ----A---- C:\WINDOWS\system32\Roboex32.dll

======List of files/folders modified in the last 1 months======

2010-07-29 11:51:57 ----D---- C:\Program Files\Trend Micro
2010-07-29 11:45:09 ----SD---- C:\WINDOWS\Tasks
2010-07-29 11:29:45 ----A---- C:\WINDOWS\ModemLog_Modem Bluetooth.txt
2010-07-29 11:29:36 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-07-29 11:28:21 ----D---- C:\Documents and Settings\H&K\Dane aplikacji\Skype
2010-07-29 10:57:34 ----D---- C:\WINDOWS
2010-07-29 10:41:16 ----D---- C:\Program Files\Mozilla Firefox
2010-07-29 10:27:55 ----D---- C:\SWSHARE
2010-07-29 01:08:34 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2010-07-29 01:08:32 ----D---- C:\WINDOWS\Temp
2010-07-29 01:08:32 ----A---- C:\WINDOWS\system32\rpcnet.dll
2010-07-28 18:54:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-28 18:45:25 ----AD---- C:\WINDOWS\system32
2010-07-28 18:45:24 ----D---- C:\WINDOWS\system32\drivers
2010-07-28 18:43:10 ----D---- C:\QooBox
2010-07-28 18:42:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-28 18:42:37 ----A---- C:\WINDOWS\system.ini
2010-07-28 18:37:31 ----D---- C:\WINDOWS\Prefetch
2010-07-28 12:15:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-28 12:02:33 ----RASH---- C:\boot.ini
2010-07-28 12:02:33 ----A---- C:\WINDOWS\win.ini
2010-07-25 09:38:45 ----A---- C:\WINDOWS\winamp.ini
2010-07-25 09:37:36 ----AD---- C:\5-Muzyka
2010-07-18 11:35:58 ----D---- C:\Program Files\Common Files\xing shared
2010-07-18 11:35:57 ----RD---- C:\Program Files
2010-07-18 11:25:02 ----A---- C:\ashampoo-acdw-log.txt
2010-07-08 22:18:22 ----D---- C:\Program Files\HAM
2010-07-07 21:51:58 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
2010-07-06 10:26:03 ----D---- C:\Program Files\Lx_cats

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 PMHler;PMHler; C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 10240]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2006-02-28 18101]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-17 7168]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-08-30 1161152]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-07-14 121216]
R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Urządzenie dźwiękowe Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061]
R3 BTDriver;Sterownik do komunikacji wirtualnej Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459]
R3 BTKRNL;Licznik magistrali Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-01-17 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-10-12 4387328]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-09-08 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-07-10 10304384]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-19 193088]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BridDfu;Access Point (AR) Device Driver; C:\WINDOWS\System32\Drivers\BridDfu.sys []
S3 BTWDNDIS;Serwer dostępu do sieci LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900]
S3 catchme;catchme; \??\C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Sterownik karty Intel(R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-26 117760]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr magistrali AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr magistrali AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Sterownik filtru magistrali AGP AMD; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240]
S4 sisagp;Filtr magistrali AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-10-05 53248]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2006-10-05 167936]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2006-10-16 32768]
R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2006-05-24 57344]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2009-06-06 56680]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2006-11-17 15872]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2006-07-14 629504]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2006-07-14 950272]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe [2006-11-16 23552]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 WMConnectCDS;Usługa Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-12 20480]

-----------------EOF-----------------
[/log]

RSIT info:
[log] info.txt logfile of random's system information tool 1.08 2010-07-29 11:52:10

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x15
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems HDA Modem-->agrsmdel
Aktualizacja dla systemu Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
Championship Manager 01-02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Championship Manager 01-02\Uninst.isu"
Client Security Solution-->MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1}
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{F9CCC3C3-F99F-4183-AF6F-F22E36D36FAB}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HAM-->C:\WINDOWS\HAM Uninstaller.exe
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Inst5657-->MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Integrated Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Lenovo Care Supplement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Care System Update Toolbar Button for IE-->MsiExec.exe /I{DA320635-F48C-4613-8325-D75A933C549E}
Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove
Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
Matematyka-->C:\Program Files\Edukacja XXI wieku\Matematyka\Uninstall.exe
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 — pakiet języka polskiego-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PLK\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU-->MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Niezbędnik CD-->C:\WINDOWS\unins000.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
OmniPass 4.00.54-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
On Screen Display-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\HOTKEY\tphkinst.inf
OpenOffice.ux.pl 3.0-->MsiExec.exe /I{4E5AFCDB-0ACA-49FA-9854-0E9E8469F33E}
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
Pakiet sterowników systemu Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe"
PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B}
Poprawka dla systemu Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
QuickTime Alternative 2.9.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x15 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Rescue and Recovery-->MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA}
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roxio Digital Media LE-->C:\swtools\apps\DigMedLE\customiz\sequencer.exe -fc:\swtools\apps\DigMedLE\customiz\uninst.seq
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
save2pc Light 3.39-->"C:\Program Files\FDRLab\save2pc\unins000.exe"
Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Skype 3.1-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPSS 12.0PL for Windows-->MsiExec.exe /I{4AA61A60-6970-4a41-B644-170EBA077049}
Stellarium 0.9.0-->"C:\Program Files\Stellarium\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {72005434-30E9-49D9-A5E4-D1AE5D34DB71}
Windows Live Toolbar-->MsiExec.exe /X{72005434-30E9-49D9-A5E4-D1AE5D34DB71}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

=====HijackThis Backups=====

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) [2008-08-02]

======System event log======

Computer Name: KLIMKI2
Event Code: 7036
Message: Usługa Usługa odnajdywania SSDP weszła w stan uruchomienia.

Record Number: 74331
Source Name: Service Control Manager
Time Written: 20100608131454.000000+120
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 7035
Message: Do usługi Usługa odnajdywania SSDP został pomyślnie wysłany kod sterowania uruchom.

Record Number: 74330
Source Name: Service Control Manager
Time Written: 20100608131453.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KLIMKI2
Event Code: 7036
Message: Usługa Zgodność szybkiego przełączania użytkowników weszła w stan uruchomienia.

Record Number: 74329
Source Name: Service Control Manager
Time Written: 20100608131451.000000+120
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 7035
Message: Do usługi Zgodność szybkiego przełączania użytkowników został pomyślnie wysłany kod sterowania uruchom.

Record Number: 74328
Source Name: Service Control Manager
Time Written: 20100608131451.000000+120
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: KLIMKI2
Event Code: 29
Message: Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas z jednego lub kilku
źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem.
NtpClient nie ma źródła dokładnego czasu.

Record Number: 74327
Source Name: W32Time
Time Written: 20100608131420.000000+120
Event Type: błąd
User:

=====Application event log=====

Computer Name: KLIMKI2
Event Code: 0
Message: Service started successfully.

Record Number: 7911
Source Name: SUService
Time Written: 20100302065251.000000+060
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 0
Message:
Record Number: 7910
Source Name: ThinkVantage Registry Monitor Service
Time Written: 20100302065250.000000+060
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 0
Message:
Record Number: 7909
Source Name: PMSveH
Time Written: 20100302065249.000000+060
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 0
Message:
Record Number: 7908
Source Name: btwdins
Time Written: 20100302065249.000000+060
Event Type: informacje
User:

Computer Name: KLIMKI2
Event Code: 1002
Message: Powłoka systemowa została nagle zatrzymana i uruchomiono Explorer.exe.

Record Number: 7907
Source Name: Winlogon
Time Written: 20100301003354.000000+060
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Softex\OmniPass;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------
[/log]

I'll add the GMER log later
GMER:
[log] GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 18:34:02
Windows 5.1.2600 Dodatek Service Pack 3
Running: 1sof5h6e.exe; Driver: C:\DOCUME~1\H&K\USTAWI~1\Temp\pgddqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\cdrom.sys entry point in ".rsrc" section [0xBA186394]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Messenger\msmsgs.exe[468] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Messenger\msmsgs.exe[468] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Skype\Phone\Skype.exe[644] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Skype\Phone\Skype.exe[644] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\vsnp2std.exe[920] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\vsnp2std.exe[920] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0096000A
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0097000A
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 3 Bytes JMP 0095000C
.text C:\WINDOWS\System32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher + 4 7C90E480 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1488] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 008C000A
.text C:\WINDOWS\System32\svchost.exe[1488] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\taskmgr.exe[1632] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\taskmgr.exe[1632] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\Gvumua.exe[1900] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\Gvumua.exe[1900] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1932] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
.text C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe[2600] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Documents and Settings\H&K\Pulpit\1sof5h6e.exe[2600] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2932] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2932] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[3384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BB000C
.text C:\WINDOWS\system32\rundll32.exe[3648] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\rundll32.exe[3648] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe[3828] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe[3828] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe[3840] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe[3840] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe[3880] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe[3880] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\RTHDCPL.EXE[3888] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\RTHDCPL.EXE[3888] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\system32\WLTRAY.exe[3908] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\WLTRAY.exe[3908] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\system32\igfxtray.exe[3916] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\igfxtray.exe[3916] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\system32\hkcmd.exe[3928] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\hkcmd.exe[3928] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\WINDOWS\system32\igfxpers.exe[3936] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\WINDOWS\system32\igfxpers.exe[3936] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4016] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[4016] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Java\jre6\bin\jusched.exe[4064] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Java\jre6\bin\jusched.exe[4064] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[4072] kernel32.dll!TerminateProcess 7C801E1A 1 Byte [C3]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[4072] kernel32.dll!TerminateThread 7C81CB3B 1 Byte [C3]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00419F81] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00419F81] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00419FF9] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW] [0041A18B] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [0041A071] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [0041A11F] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA] [0041A197] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)
IAT C:\WINDOWS\Gvumua.exe[1900] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [0041A185] C:\WINDOWS\Gvumua.exe (Windows UI for PAUL.DLL/Electronic Arts, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A95DEC5

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [DISABLED] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@LeaseObtainedTime 1280392065
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@T1 1280397465
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@T2 1280401515
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5B8F735-608B-48E3-8F2D-5610702D0B24}@LeaseTerminatesTime 1280402865
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@LeaseObtainedTime 1280392065
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@T1 1280397465
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@T2 1280401515
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5B8F735-608B-48E3-8F2D-5610702D0B24}\Parameters\Tcpip@LeaseTerminatesTime 1280402865

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\rr.log 20659 bytes
File C:\RRbackups\common\SAM 24576 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\usersids.dat 11440 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Lenovo\Client Security Solution\PreloadInstall.ini 26 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 907 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\MachineKeys\c7cbf2d01dc36e4b44b2821953c6f342_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 1779 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\MachineKeys\e17459beeef013e01dbf6151b4b7cdbf_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 1764 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 899 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\bd499802-7b6e-4b4a-a2c5-efdf3ff6f929 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\5403f1bf-d892-43fc-be5f-b8243c8fa45f 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\b7006ce1-ce22-4799-ab8f-31d671dc4463 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Gościu 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1007 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1007\6b29ae44e85efac3c72ff4d1865d73f1_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 53 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1007\6b6ff3d36b1e8344f832a4436e02938c_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 47 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1007\83aa4cc77f591dfc2374580bbd95f6ba_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 45 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1007\e2d34147dd359ebb13a64fc9cb669f40_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 59 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\bd499802-7b6e-4b4a-a2c5-efdf3ff6f929 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\5403f1bf-d892-43fc-be5f-b8243c8fa45f 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\b7006ce1-ce22-4799-ab8f-31d671dc4463 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\2ae4f252-fe96-46cc-a0e6-2a2491f0f673 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\473a0792-ef5d-417e-8a08-d78290763270 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\581647f9-950e-4ac4-8796-cf20e25ddb51 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\736d088c-2694-4f92-b83d-74e9ea23463f 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\80696e5c-86a4-4050-be40-947cba66b0ac 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\9a508fe3-d778-4587-9739-8b19742fe7cb 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\cec83ad9-cb40-4bae-92f3-171e852e68fd 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\e297f0bd-6ac3-48bc-9c36-74a14b076e79 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\fc7b4ba8-63b3-4efd-b15c-8f2a3dc6a6c3 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\fc8bbf1e-3ad1-4cde-9224-f9c45ae05444 388 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1007\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Gościu\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\H&K 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\6b29ae44e85efac3c72ff4d1865d73f1_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 53 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\83aa4cc77f591dfc2374580bbd95f6ba_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 45 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\8f71098770f72c7a67cd8f1151619865_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 54 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\e2d34147dd359ebb13a64fc9cb669f40_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 59 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Crypto\RSA\S-1-5-21-765597641-2342784548-1466310930-1006\f08c1885e643332baac5a23d6fdd8195_b368a065-8e91-4fb0-8bc5-8a6356fd6a67 44 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\bd499802-7b6e-4b4a-a2c5-efdf3ff6f929 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-135863214-1143233109-617985168-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\5403f1bf-d892-43fc-be5f-b8243c8fa45f 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-2015608707-3050732843-2193979339-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\b7006ce1-ce22-4799-ab8f-31d671dc4463 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-4261631373-4277160454-310112478-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\387cdabe-8403-4b12-b135-665dc89b11cf 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\427905a6-7f67-41d7-b006-030bc0795131 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\4a698bbe-9d21-44fc-bb48-1923c87946a4 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\83c31598-adf9-4501-aadd-bc1b7c06b974 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\9746fdbd-7c1a-4108-a9d3-7dc9dbac9d3a 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\c312aae8-42a0-477d-ad51-45c75ed5f61d 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\cd528be4-5f44-463f-8de8-d254412179f0 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\f6a8510e-b660-49b9-93ce-030fd84617c1 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\fb4d237d-2fb6-4a3f-a4cb-ddecf7053b4f 388 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\Protect\S-1-5-21-765597641-2342784548-1466310930-1006\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\H&K\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Właściciel 0 bytes
File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji 0 bytes
File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Właściciel\Dane aplikacji\Microsoft\Crypto 0 bytes
File C:\Documents and Settings\H&K\Cookies\h&k@ad.yieldmanager[1].txt 0 bytes
File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\AGWUYNMCAQ44YYHCAOXFJ9XCA9A6GAJCAD9H4TJCABW4JHKCAT06C4UCASCS9TDCAWOPGNOCA4X2GTXCA6EDTO0CAA9X1VPCAR2TBRECA3FOMI4CA1I63DCCAWAKY00CABARL9DCARNZ8ZWCAPVXW42CAITQVQ8 1443 bytes
File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\ABOFFBUCA9UHLHJCAJ5FHXOCAW1YFN3CA4XUTLFCAHDSTBCCAIDLRDECABZU54WCAV0W3XSCA2Z3TT0CAW8THWKCAEJ3K3VCAOPDRSGCAA4EVT1CAW3T2GZCAFK31A5CAU92GC1CAY1UWK9CAZNSTQ3CA05IV43 1446 bytes
File C:\Documents and Settings\H&K\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OR3BLU5P\b239b3bf107702a6e77174164ff41f9c[2].swf 17622 bytes
File C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
[/log]

Sohei
comment

[code]
:Processes
Explorer.exe



:OTL
PRC - [2010-07-28 10:02:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\H&K\zkqon.exe
O4 - HKLM..\Run: [Fdonife] C:\WINDOWS\acoqurejadan.DLL ()
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe ()
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\winesm32.exe ( )
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun



:files
C:\WINDOWS\Yludodaqoxoqira.dat
C:\WINDOWS\Qjufipujililu.bin
C:\Documents and Settings\H&K\a.bat
C:\Documents and Settings\H&K\zkqon.exe
C:\WINDOWS\acoqurejadan.DLL
C:\Documents and Settings\H&K\u.exe
C:\Documents and Settings\H&K\s.exe
C:\Documents and Settings\H&K\r.exe
C:\Documents and Settings\H&K\a.exe


:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Paste this into OTL and click Run Fix.

Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url]
Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url]
Remove whatever they find, then post the removal logs plus a new OTL log

klimek1313
comment

ooo, thanks. I keep scanning with avast and something is always left over....
but what does "paste into OTL and run fix" mean? Where exactly do I paste it?

Sohei
comment

Open OTL and you will see a white box there. Paste what I wrote for you into it and click Run Fix (in the Polish version: Wykonaj skrypt).

klimek1313
comment

ok, better late... sometimes 45 megs is a big chunk of a file to download.
MBAM:
[log]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4052

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.11

2010-07-31 00:00:58
mbam-log-2010-07-31 (00-00-58).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowano obiektów: 231241
Upłynęło: 1 godzin(y), 36 minut(y), 57 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 1
Zainfekowanych folderów: 0
Zainfekowanych plików: 10

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snp2std (Trojan.FakeAlert.H) -> No action taken.

Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\Poker\Poker at bet365\_SetupPoker_68e0.exe (Adware.Casino) -> No action taken.
C:\2-Instalki\SetupPoker_68e0.exe (Adware.Casino) -> No action taken.
C:\2-Instalki\Gry\fifa09\Crack\rld-fi9k.exe.bc! (Malware.Packer) -> No action taken.
C:\Documents and Settings\Gościu\Dane aplikacji\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Gościu\Dane aplikacji\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\Piklib42.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\vsnp2std.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Gościu\x.exe (Worm.AutoRun.Gen) -> No action taken.
C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> No action taken.

[/log]

DRWEB: (just this..)
[log]
Proces w pamięci: C:\WINDOWS\System32\svchost.exe:1500;;BackDoor.Tdss.565;Zniszczony.;
setup.exe;C:\WINDOWS\temp\sdvt.tmp;Win32.HLLC.Asdas.7;Usunięty.;
faude.exe;c:\documents and settings\gościu;Win32.HLLC.Asdas.7;Usunięty.;
skype.exe;c:\documents and settings\gościu\ustawienia lokalne\dane aplikacji\skype\phone;Win32.HLLC.Asdas.7;Usunięty.;

[/log]

and OTL:
[log]
OTL logfile created on: 2010-08-01 02:00:08 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\2-Instalki\DiagnozaSystemu
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,18 Gb Total Space | 12,00 Gb Free Space | 17,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KLIMKI2
Current User Name: H&K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe
PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe
MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-04-29 06:47:53 | 006,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-10-15 18:36:55 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008-06-20 19:48:53 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2008-04-14 19:20:58 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:42 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:41 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:39 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:35 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2008-04-14 19:20:34 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:20:03 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR)
DRV - [2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-17 15:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M]

[2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions
[2009-03-07 12:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010-08-01 00:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions
[2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-08-01 00:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-24 13:31:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-11-05 11:59:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008-07-06 10:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008-08-02 17:46:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-12-17 15:08:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009-02-08 23:05:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-11-24 13:31:40 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-24 13:31:40 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008-11-10 06:43:30 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-11-24 13:31:50 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2004-12-14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010-03-10 06:27:46 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009-06-02 15:34:10 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010-03-10 06:28:43 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010-03-10 06:26:41 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-24 13:31:52 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\ShellBrowser: (&Łącza) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010-08-01 01:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\DoctorWeb
[2010-07-30 21:32:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat
[2010-07-30 17:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Dane aplikacji\Malwarebytes
[2010-07-30 17:16:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-30 17:16:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-07-30 11:39:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-07-30 09:07:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-07-30 09:07:31 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-07-30 09:07:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-07-30 09:07:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-07-30 09:07:27 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-07-30 09:07:27 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-07-30 09:07:26 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-07-30 09:06:54 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-07-30 09:06:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010-07-30 09:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA
[2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
[2010-07-28 10:02:57 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\H&K\a.bat
[2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Roboex32.dll
[2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing
[2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010-08-01 01:44:54 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-08-01 01:44:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-08-01 01:44:35 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010-08-01 01:44:33 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010-08-01 01:44:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-01 01:44:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-01 01:44:20 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-01 01:43:35 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT
[2010-08-01 01:43:13 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini
[2010-08-01 01:42:06 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv
[2010-08-01 01:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
[2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010-07-31 12:39:34 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-31 12:39:34 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-07-31 12:39:34 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-31 12:39:34 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-07-31 12:39:34 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-31 12:18:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat
[2010-07-30 21:28:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yludodaqoxoqira.dat
[2010-07-30 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-07-30 09:20:30 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-30 09:20:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-30 09:20:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-30 09:07:27 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-07-30 09:05:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qjufipujililu.bin
[2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-28 10:02:57 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\H&K\a.bat
[2010-07-28 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-07-25 09:38:45 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-01 01:42:06 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv
[2010-07-29 10:57:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yludodaqoxoqira.dat
[2010-07-29 10:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qjufipujililu.bin
[2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe
[2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll
[2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll
[2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll
[2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini
[2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010-07-30 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
[2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage
[2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo
[2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia
[2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player
[2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2
[2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite
[2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage
[2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity
[2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo
[2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia
[2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2
[2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\PC Suite
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage
[2010-08-01 01:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.* >
[2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-07-30 09:20:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log
[2010-08-01 01:44:20 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log
[2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000
[2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
[2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000
[2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv
[2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log
[2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-14 23:40:51 | 000,251,152 | RHS- | M] () -- C:\NTLDR
[2010-08-01 01:44:19 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log
[2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk
[2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
[2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=EF0B20F1A502FE4C0CA03143DF35C910 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< End of report >


[/log]

Sohei
comment

We'll do it differently.
Download the Flash Disinfector tool. Connect all the removable drives you own to the computer and run the tool. Then paste the following into OTL and click Run Fix:

[code]:Processes
Explorer.exe



:OTL
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon] C:\Documents and Settings\H&K\zkqon.exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [zkqon ] C:\Documents and Settings\H&K\zkqon .exe File not found
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [Ddiju] C:\WINDOWS\wmacet.DLL File not found
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{521eafe0-8d4b-11de-b271-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{76fa5e12-41e8-11de-b1ec-000fb0d60f3c}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell - "" = AutoRun
O33 - MountPoints2\{da9204a5-d2b0-11dd-b167-000fb0d60f3c}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008-06-17 21:03:15 |



:files

C:\Documents and Settings\All Users\Dane aplikacji\2t87Cy.dat
C:\Documents and Settings\H&K\a.bat

C:\WINDOWS\Yludodaqoxoqira.dat
C:\WINDOWS\Qjufipujililu.bin
C:\Documents and Settings\H&K\a.bat


:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Repeat the scans with the programs from post 6.

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
Also read this thread http://forum.pcformat.pl/thread-182590.html and, following Paweł01's instructions, repair the wuauserv service (Automatic Updates).

klimek1313
comment

I'm a bit scared to connect the hard drive - 320 GB. It's a disaster on there: the files aren't visible, only fake shortcuts, and the rest of the files are marked "Hidden" and that can't be changed in Properties... but oh well, I'll try... you only die once :)

Sohei
comment

Before you connect it, follow this: http://x86.pl/wylaczenie-autouruchamiania-cd-dvd-usb-pendrive/ :)

klimek1313
comment

Finally:
[log] Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4052

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 7.0.5730.11

2010-08-04 02:38:12
mbam-log-2010-08-04 (02-38-12).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowano obiektów: 227193
Upłynęło: 59 minut(y), 44 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)[/log]
[log] Proces w pamięci: C:\Program Files\Mozilla Firefox\firefox.exe:1260;;BackDoor.Tdss.565;Zniszczony.;
[/log]
[log] OTL logfile created on: 2010-08-04 13:48:33 - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\2-Instalki\DiagnozaSystemu
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70,18 Gb Total Space | 11,77 Gb Free Space | 16,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KLIMKI2
Current User Name: H&K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe
PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-11-24 13:31:45 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-11-10 06:43:40 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-04-14 19:21:49 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 19:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-03-16 20:25:16 | 025,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype .exe
PRC - [2007-03-15 22:42:34 | 001,914,824 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2006-10-16 14:30:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2006-10-12 09:28:48 | 001,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006-10-11 11:36:40 | 016,267,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-10-05 19:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006-07-14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2006-03-23 06:17:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-03-23 06:17:00 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006-03-23 06:13:00 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-07-29 11:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\2-Instalki\DiagnozaSystemu\OTL.exe
MOD - [2009-04-29 06:47:59 | 000,827,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-04-29 06:47:53 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:47 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:32 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll
MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 19:19:59 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-06-29 08:05:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-06-06 08:32:51 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2007-12-10 14:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-11-17 01:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006-11-16 16:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006-10-16 14:34:56 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2006-10-05 19:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006-10-05 19:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006-07-14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006-07-14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006-07-14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-05-24 13:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2006-01-17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005-10-06 18:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [File_System | Unknown | Running] -- -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\H&K\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\BridDfu.sys -- (BridDfu) Access Point (AR)
DRV - [2010-08-01 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-06-19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-06-16 03:50:11 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007-06-16 03:50:11 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007-02-22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007-02-22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007-02-22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006-10-12 09:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006-10-12 02:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-09-08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-08-30 07:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-07-17 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006-07-14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006-07-14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006-07-14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006-07-14 15:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006-07-10 20:33:00 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006-05-24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006-05-19 07:24:00 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-02-28 04:23:58 | 000,018,101 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006-02-26 22:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-01-17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-17 10:15:26 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006-01-17 10:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006-01-17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005-10-11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004-08-04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-09-10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 22:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F04FB01E-B108-4183-BEFC-024138D741B1}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{F04FB01E-B108-4183-BEFC-024138D741B1}: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1} [2010-07-28 10:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-10 06:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-10 06:28:43 | 000,000,000 | ---D | M]

[2009-03-07 12:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Extensions
[2010-08-04 10:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions
[2010-01-26 13:18:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\H&K\Dane aplikacji\Mozilla\Firefox\Profiles\4ryku7is.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-08-04 10:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-24 13:31:52 | 000,000,896 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-24 13:31:52 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-24 13:31:52 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-24 13:31:52 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-24 13:31:52 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-24 13:31:52 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-07-02 08:14:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.4.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.4.1\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Gościu\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O15 - HKU\S-1-5-21-765597641-2342784548-1466310930-1006\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.189.78.60 63.123.72.40
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\H&K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-03-03 04:58:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-08-01 21:36:33 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk - C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk - C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^H&K^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk - C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe - ()
MsConfig - StartUpReg: [b]5DR8ZAD8GX[/b] - hkey= - key= - C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe File not found
MsConfig - StartUpReg: [b]ACTray[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe ()
MsConfig - StartUpReg: [b]ACWLIcon[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
MsConfig - StartUpReg: [b]AGRSMMSG[/b] - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: [b]AMSG[/b] - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
MsConfig - StartUpReg: [b]AzMixerSel[/b] - hkey= - key= - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]cssauth[/b] - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
MsConfig - StartUpReg: [b]Ddiju[/b] - hkey= - key= - C:\WINDOWS\wmacet.DLL File not found
MsConfig - StartUpReg: [b]H/PC Connection Agent[/b] - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]LPManager[/b] - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: [b]lxccmon.exe[/b] - hkey= - key= - C:\Program Files\Lexmark 3300 Series\lxccmon.exe ()
MsConfig - StartUpReg: [b]mSejf - monitor[/b] - hkey= - key= - C:\Program Files\Ux Systems\mSejf\mSejfNotify.exe File not found
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe File not found
MsConfig - StartUpReg: [b]OmniPass[/b] - hkey= - key= - C:\Program Files\Softex\OmniPass\ScureApp.exe ()
MsConfig - StartUpReg: [b]Picasa Media Detector[/b] - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: [b]SkyTel[/b] - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: [b]tugeb[/b] - hkey= - key= - C:\Documents and Settings\H&K\tugeb.exe File not found
MsConfig - StartUpReg: [b]TVT Scheduler Proxy[/b] - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - StartUpReg: [b]zkqon[/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon.exe File not found
MsConfig - StartUpReg: [b]zkqon [/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon .exe File not found
MsConfig - StartUpReg: [b]zkqon [/b] - hkey= - key= - C:\Documents and Settings\H&K\zkqon .exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-08-02 06:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\AdobeUM
[2010-08-02 06:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Sun
[2010-08-02 06:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-08-01 21:36:33 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010-08-01 01:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\DoctorWeb
[2010-07-30 17:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Dane aplikacji\Malwarebytes
[2010-07-30 17:16:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-30 17:16:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-30 17:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-07-30 11:39:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-07-30 09:07:31 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-07-30 09:07:31 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-07-30 09:07:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-07-30 09:07:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-07-30 09:07:27 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-07-30 09:07:27 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-07-30 09:07:26 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-07-30 09:06:54 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-07-30 09:06:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010-07-30 09:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2010-07-29 11:48:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010-07-29 11:47:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-28 12:01:06 | 000,000,000 | ---D | C] -- C:\_SMA
[2010-07-28 10:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia
[2010-07-28 10:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe
[2010-07-28 10:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\{F04FB01E-B108-4183-BEFC-024138D741B1}
[2010-07-18 11:35:57 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Roboex32.dll
[2010-07-18 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xing
[2007-06-16 03:25:05 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007-06-16 03:25:05 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-08-04 13:45:58 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb4082010.csv
[2010-08-04 13:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
[2010-08-04 09:38:26 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\H&K\NTUSER.DAT
[2010-08-04 05:30:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-08-03 18:50:56 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1006.job
[2010-08-03 18:50:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-08-03 18:50:19 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010-08-03 18:50:16 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010-08-03 18:50:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-03 18:50:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-03 18:50:05 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-03 12:39:15 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\H&K\ntuser.ini
[2010-08-03 12:38:50 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010-08-02 09:19:19 | 000,005,006 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWebq.csv
[2010-08-01 21:47:43 | 001,117,046 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-01 21:47:43 | 000,500,720 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-08-01 21:47:43 | 000,441,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-08-01 21:47:43 | 000,089,144 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-08-01 21:47:43 | 000,071,506 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-08-01 10:22:58 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-08-01 10:22:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-08-01 10:22:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-08-01 01:42:06 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv
[2010-07-30 21:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-765597641-2342784548-1466310930-1007.job
[2010-07-30 09:07:27 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-07-28 18:54:20 | 006,921,074 | -H-- | M] () -- C:\Documents and Settings\H&K\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-20 21:33:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-06-13 20:12:23 | 000,462,336 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | M] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-08-04 13:45:58 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb4082010.csv
[2010-08-02 09:19:19 | 000,005,006 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWebq.csv
[2010-08-01 01:42:06 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\DrWeb.csv
[2010-06-13 20:12:22 | 000,462,336 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Saper By ArteX.exe
[2010-06-13 20:08:11 | 000,476,156 | ---- | C] () -- C:\Documents and Settings\H&K\Pulpit\Kolko_i_krzyzyk.exe
[2009-10-10 17:43:34 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009-10-07 21:48:26 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-01-03 15:00:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-03 15:00:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-01-03 14:59:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-03 14:59:58 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-03 14:59:58 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-03 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-03 14:59:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-11-27 18:13:41 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-10-29 15:13:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007-11-22 12:27:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll
[2007-11-22 12:27:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2007-11-22 12:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll
[2007-11-22 12:27:25 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll
[2007-10-14 14:34:35 | 000,000,203 | ---- | C] () -- C:\WINDOWS\SpssLM.ini
[2007-10-09 22:15:55 | 000,001,998 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007-09-30 22:03:34 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007-09-30 22:01:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007-09-30 22:01:22 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007-06-16 11:10:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007-06-16 11:03:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007-06-16 04:00:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-06-16 03:49:31 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007-06-16 03:37:21 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007-06-16 03:35:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007-06-16 03:35:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007-06-16 03:35:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007-06-16 03:35:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007-06-16 03:35:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007-06-16 03:26:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007-06-16 03:26:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007-06-16 03:25:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007-06-16 03:25:06 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007-06-16 03:25:06 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007-06-16 03:25:05 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2006-10-20 08:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006-06-19 17:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-01-17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-07-30 09:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-03-10 11:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2007-06-16 03:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
[2008-03-25 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-05-13 16:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Lenovo
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\ThinkVantage
[2007-09-08 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\InterVideo
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Lenovo
[2008-03-25 19:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia
[2008-03-25 19:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Nokia Multimedia Player
[2009-01-09 22:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\OpenOffice.ux.pl2
[2008-02-27 16:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PC Suite
[2009-09-06 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\PowerChallenge
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\ThinkVantage
[2009-10-29 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gościu\Dane aplikacji\Unity
[2007-09-19 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Leadertech
[2007-06-16 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Lenovo
[2008-03-25 11:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Nokia
[2009-01-09 15:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl
[2009-01-09 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\OpenOffice.ux.pl2
[2008-03-10 14:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\Opera
[2008-03-25 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\PC Suite
[2007-06-16 03:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\H&K\Dane aplikacji\ThinkVantage
[2010-08-04 13:36:30 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-18 11:25:02 | 000,008,696 | ---- | M] () -- C:\ashampoo-acdw-log.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007-06-16 03:27:04 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2009-07-01 21:48:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-08-01 10:22:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004-08-04 22:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009-01-06 00:32:11 | 000,000,241 | ---- | M] () -- C:\CDFE.log
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-07-28 18:45:19 | 000,072,301 | ---- | M] () -- C:\ComboFix.txt
[2006-03-03 04:58:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007-06-16 03:37:29 | 000,002,263 | ---- | M] () -- C:\drivez.log
[2010-08-03 18:50:05 | 2674,380,800 | -HS- | M] () -- C:\hiberfil.sys
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-01-06 00:33:23 | 000,000,106 | ---- | M] () -- C:\lxcc.log
[2007-11-22 12:27:12 | 000,000,000 | ---- | M] () -- C:\lxccfire.000
[2009-01-06 00:32:03 | 000,000,000 | ---- | M] () -- C:\lxccfire.csv
[2007-11-22 12:27:47 | 000,000,416 | ---- | M] () -- C:\LXCCINST.000
[2009-01-06 00:34:09 | 000,001,258 | ---- | M] () -- C:\LXCCINST.csv
[2010-04-23 16:31:30 | 000,008,170 | ---- | M] () -- C:\lxccscan.log
[2009-08-21 09:26:48 | 000,007,588 | ---- | M] () -- C:\mksbasel.cpp.log
[2006-03-03 04:58:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-10-14 23:40:51 | 000,251,152 | RHS- | M] () -- C:\NTLDR
[2010-08-03 18:50:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2007-06-16 03:26:51 | 000,000,367 | ---- | M] () -- C:\RHDSetup.log
[2007-06-16 03:24:33 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008-03-25 21:10:50 | 000,000,459 | ---- | M] () -- C:\Skrót do Gościu - dokumenty.lnk
[2007-06-16 11:11:03 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:agp440.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004-08-04 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2004-08-04 14:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2004-08-04 22:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-10-14 23:36:32 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004-08-04 22:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004-08-04 22:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004-08-04 22:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
[2005-04-01 20:35:02 | 000,505,344 | ---- | M] (Microsoft Corporation) MD5=EF0B20F1A502FE4C0CA03143DF35C910 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< End of report >
[/log]
these logs are a bit thin, there's probably not much in them, right?
the remaining problems:
- a backdoor, is something still crawling in from the net? because avast keeps yelling that something is trying to launch suspicious applications
- when copying files, hovering with the mouse and clicking "Copy", Windows closes explorer.exe on me. the same with Paste
- most important: on the external drive, which I scanned, I still can't see any files, even when I switch to Show hidden. but they are there, 100GB is used and they must be :) , because I have photos from the last 6 years on it....... :(

Tomek01
comment

Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]
In the "Input script here" field, paste the following text:


[code]Files to delete:
C:\Documents and Settings\H&K\zkqon.exe
C:\DOCUME~1\H&K\USTAWI~1\Temp\Gc0.exe
C:\WINDOWS\wmacet.DLL

Drivers to delete:
5DR8ZAD8GX
Ddiju
foundzkqon[/code]

Click Execute; the computer restarts and generates a removal report, which I would like to see. Also new OTL and RSIT logs.



Scan this file on VirusTotal for me; a recent modification is visible:
C:\WINDOWS\System32\rpcnet.dll
