nohender utworzono 21 listopada 2010 utworzono 21 listopada 2010 (edytowane) Siema. Mam ten sam problem z Think Point'em i chcę się go pozbyć. [b]OTL[/b] [log]OTL logfile created on: 2010-11-21 23:05:48 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Czarek\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 140,91 Gb Total Space | 75,48 Gb Free Space | 53,56% Space Free | Partition Type: NTFS Drive D: | 8,14 Gb Total Space | 1,52 Gb Free Space | 18,62% Space Free | Partition Type: NTFS Drive F: | 3,67 Gb Total Space | 2,44 Gb Free Space | 66,51% Space Free | Partition Type: FAT32 Computer Name: CZAREK-PC | User Name: Czarek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color="#e56717"]========== Processes (All) ==========[/color] PRC - [2010-11-17 15:47:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Czarek\Desktop\OTL.exe PRC - [2010-11-16 20:10:14 | 000,578,560 | ---- | M] (Momento LTD) -- C:\Users\Czarek\AppData\Roaming\hotfix.exe PRC - [2010-09-20 22:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010-08-17 14:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe PRC - [2010-07-25 16:14:28 | 000,120,152 | ---- | M] (WeFi) -- C:\Program Files\WeFi\WefiEngSvc.exe PRC - [2010-07-25 16:14:26 | 001,645,912 | ---- | M] (WeFi) -- C:\Program Files\WeFi\WeFi.exe PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-08-07 03:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe PRC - [2009-06-15 13:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe PRC - [2009-03-03 03:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-05-27 06:18:43 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe PRC - [2008-05-14 21:56:58 | 000,116,112 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe PRC - [2008-05-14 21:56:54 | 000,292,248 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe PRC - [2008-05-14 21:56:38 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe PRC - [2008-04-16 19:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe PRC - [2008-04-16 19:52:28 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2008-04-15 12:40:10 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2008-04-11 08:04:54 | 000,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008-04-03 10:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008-03-28 10:17:20 | 000,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008-03-26 18:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe PRC - [2008-03-26 14:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe PRC - [2008-03-18 16:24:58 | 000,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpservice.exe PRC - [2008-03-14 07:45:10 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008-03-12 19:24:52 | 000,699,456 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe PRC - [2008-03-12 19:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe PRC - [2008-02-26 14:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-02-26 14:08:32 | 002,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008-02-12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe PRC - [2008-01-25 17:05:30 | 000,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008-01-21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe PRC - [2008-01-21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2008-01-21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2008-01-21 03:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2008-01-21 03:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe PRC - [2008-01-21 03:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFHost.exe PRC - [2008-01-21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe PRC - [2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe PRC - [2008-01-21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe PRC - [2008-01-21 03:24:44 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe PRC - [2008-01-21 03:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwm.exe PRC - [2008-01-21 03:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe PRC - [2008-01-21 03:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.exe PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininit.exe PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2008-01-21 03:23:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanext.exe PRC - [2008-01-17 20:31:32 | 000,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008-01-17 20:31:22 | 001,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007-11-20 06:44:58 | 000,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2007-11-01 17:42:38 | 000,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe PRC - [2007-09-26 05:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2007-07-17 11:13:56 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2007-07-17 11:13:34 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe PRC - [2007-05-08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2007-01-09 10:25:00 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007-01-03 13:40:12 | 000,188,575 | ---- | M] () -- C:\Program Files\Lectra\Modaservice\modaserv.exe PRC - [2006-06-12 10:42:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe PRC - [2003-05-05 07:41:54 | 000,456,704 | R--- | M] () -- C:\Program Files\Lectra\IManager\bin\fontserver.exe PRC - [2003-05-05 07:41:54 | 000,227,840 | R--- | M] () -- C:\Program Files\Lectra\IManager\bin\lpdaemon.exe [color="#e56717"]========== Modules (All) ==========[/color] MOD - [2010-11-17 15:47:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Czarek\Desktop\OTL.exe MOD - [2010-08-31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll MOD - [2010-07-26 17:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll MOD - [2010-06-28 17:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll MOD - [2010-04-16 17:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usp10.dll MOD - [2009-07-17 15:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll MOD - [2009-06-15 16:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll MOD - [2009-04-23 13:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll MOD - [2009-02-13 09:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll MOD - [2008-10-21 06:25:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll MOD - [2008-10-16 05:47:33 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll MOD - [2008-05-27 06:17:46 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\propsys.dll MOD - [2008-02-29 07:53:38 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll MOD - [2008-01-21 03:25:01 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll MOD - [2008-01-21 03:25:00 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll MOD - [2008-01-21 03:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll MOD - [2008-01-21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll MOD - [2008-01-21 03:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsi.dll MOD - [2008-01-21 03:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll MOD - [2008-01-21 03:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll MOD - [2008-01-21 03:24:37 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll MOD - [2008-01-21 03:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll MOD - [2008-01-21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx MOD - [2008-01-21 03:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll MOD - [2008-01-21 03:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll MOD - [2008-01-21 03:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll MOD - [2008-01-21 03:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssapi.dll MOD - [2008-01-21 03:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vsstrace.dll MOD - [2008-01-21 03:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll MOD - [2008-01-21 03:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll MOD - [2008-01-21 03:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmarta.dll MOD - [2008-01-21 03:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\authz.dll MOD - [2008-01-21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll MOD - [2008-01-21 03:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll MOD - [2008-01-21 03:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpk.dll MOD - [2008-01-21 03:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wldap32.dll MOD - [2008-01-21 03:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll MOD - [2008-01-21 03:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll MOD - [2008-01-21 03:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userenv.dll MOD - [2008-01-21 03:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv MOD - [2008-01-21 03:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll MOD - [2008-01-21 03:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll MOD - [2008-01-21 03:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\olepro32.dll MOD - [2008-01-21 03:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spp.dll MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll [color="#e56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-07-25 16:14:28 | 000,120,152 | ---- | M] (WeFi) [On_Demand | Running] -- C:\Program Files\WeFi\WefiEngSvc.exe -- (WefiEngSvc) SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2008-04-16 19:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe -- (STacSV) SRV - [2008-03-26 18:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008-03-26 14:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008-03-12 19:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2008-02-12 06:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe -- (AESTFilters) SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-01-03 13:40:12 | 000,188,575 | ---- | M] () [Auto | Running] -- C:\Program Files\Lectra\Modaservice\modaserv.exe -- (Modaservice) SRV - [2006-06-12 10:42:00 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe -- (VPDaemon) SRV - [2003-05-05 07:41:54 | 000,456,704 | R--- | M] () [Auto | Running] -- C:\Program Files\Lectra\IManager\bin\fontserver.exe -- (FontServer) SRV - [2003-05-05 07:41:54 | 000,227,840 | R--- | M] () [Auto | Running] -- C:\Program Files\Lectra\IManager\bin\lpdaemon.exe -- (LpDaemon) [color="#e56717"]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010-05-24 19:38:54 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-11-25 00:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2008-04-27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr) DRV - [2008-04-16 19:58:24 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008-04-14 23:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008-04-14 20:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-04-01 12:14:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008-03-28 12:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008-03-27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008-03-27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008-03-26 18:28:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008-02-01 09:41:58 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\btwavdt.sys -- (btwavdt) DRV - [2008-01-23 22:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir) DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008-01-21 03:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf) DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008-01-21 03:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (HSF_DPV) DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008-01-21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008-01-17 20:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008-01-07 21:42:04 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr) DRV - [2007-09-23 23:00:00 | 000,037,488 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CH341SER.SYS -- (CH341SER) DRV - [2007-07-11 09:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007-06-18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006-11-02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006-10-29 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2005-07-28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2005-06-13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005-02-11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2004-05-14 04:42:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel) [color="#e56717"]========== Standard Registry (SafeList) ==========[/color] [color="#e56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKLM\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://search.conduit.com?SearchSource=10&ctid=CT2417076"]http://search.condui...&ctid=CT2417076[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#e56717"]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-30 16:47:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-30 16:47:48 | 000,000,000 | ---D | M] [2009-01-28 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\mozilla\Extensions [2010-11-15 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\mozilla\Firefox\Profiles\s38cm50m.default\extensions [2010-07-24 11:42:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Czarek\AppData\Roaming\mozilla\Firefox\Profiles\s38cm50m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-21 15:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-06-15 10:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2010-10-24 09:25:07 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-10-24 09:25:07 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-10-24 09:25:07 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-10-24 09:25:07 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-10-24 09:25:07 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-10-24 09:25:07 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\tbgry.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.155.115.1 78.155.115.250 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000 Winlogon: Shell - (C:\Users\Czarek\AppData\Roaming\hotfix.exe) - C:\Users\Czarek\AppData\Roaming\hotfix.exe (Momento LTD) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Skyline.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Skyline.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5a53e631-c4ee-11df-a3e4-002186c856b5}\Shell - "" = Autorun O33 - MountPoints2\{5a53e631-c4ee-11df-a3e4-002186c856b5}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe -- File not found O33 - MountPoints2\{5a53e637-c4ee-11df-a3e4-002186c856b5}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-11-21 23:01:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Czarek\Desktop\OTL.exe [2010-11-21 12:31:35 | 000,000,000 | ---D | C] -- C:\Users\Czarek\Desktop\wet [2010-11-16 20:10:13 | 000,578,560 | ---- | C] (Momento LTD) -- C:\Users\Czarek\AppData\Roaming\hotfix.exe [2010-11-15 11:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\NovaLogic [2010-10-18 10:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-09-30 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Czarek\AppData\Roaming\OpenFM [2010-05-24 11:53:31 | 010,053,112 | ---- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe [1 C:\Users\Czarek\AppData\Local\*.tmp files -> C:\Users\Czarek\AppData\Local\*.tmp -> ] [color="#e56717"]========== Files - Modified Within 60 Days ==========[/color] [2010-11-21 23:04:20 | 002,097,152 | -HS- | M] () -- C:\Users\Czarek\ntuser.dat [2010-11-21 23:03:43 | 001,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010-11-21 23:03:43 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010-11-21 23:03:43 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-11-21 23:03:43 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010-11-21 23:03:43 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-11-21 22:26:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-11-21 22:26:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-11-21 16:34:35 | 000,000,269 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010-11-21 16:34:08 | 000,000,006 | ---- | M] () -- C:\Users\Czarek\AppData\Roaming\completescan [2010-11-21 16:26:44 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WefiStartup.job [2010-11-21 16:26:38 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2010-11-21 16:26:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-11-21 16:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-11-21 16:26:10 | 2145,214,464 | -HS- | M] () -- C:\hiberfil.sys [2010-11-18 19:26:18 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010-11-18 19:26:16 | 000,524,288 | -HS- | M] () -- C:\Users\Czarek\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010-11-18 19:26:16 | 000,065,536 | -HS- | M] () -- C:\Users\Czarek\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010-11-18 19:26:09 | 002,796,133 | -H-- | M] () -- C:\Users\Czarek\AppData\Local\IconCache.db [2010-11-17 15:54:28 | 000,000,006 | ---- | M] () -- C:\Users\Czarek\AppData\Roaming\start [2010-11-17 15:53:40 | 000,339,991 | ---- | M] () -- C:\Users\Czarek\Desktop\RSIT.exe [2010-11-17 15:47:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Czarek\Desktop\OTL.exe [2010-11-16 20:11:08 | 000,000,010 | ---- | M] () -- C:\Users\Czarek\AppData\Roaming\install [2010-11-16 20:10:14 | 000,578,560 | ---- | M] (Momento LTD) -- C:\Users\Czarek\AppData\Roaming\hotfix.exe [2010-11-16 20:10:14 | 000,000,237 | ---- | M] () -- C:\Users\Czarek\AppData\Roaming\scgdfgasfbh.bat [2010-10-25 09:05:57 | 000,042,496 | ---- | M] () -- C:\Users\Czarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-10-19 10:29:33 | 000,000,375 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010-10-18 10:16:15 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010-10-13 15:36:04 | 000,305,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-10-02 22:05:44 | 1468,856,320 | ---- | M] () -- C:\Users\Czarek\Desktop\avatar ( lektor pl ).avi [1 C:\Users\Czarek\AppData\Local\*.tmp files -> C:\Users\Czarek\AppData\Local\*.tmp -> ] [color="#e56717"]========== Files Created - No Company Name ==========[/color] [2010-11-21 23:01:26 | 000,339,991 | ---- | C] () -- C:\Users\Czarek\Desktop\RSIT.exe [2010-11-16 20:26:35 | 000,000,006 | ---- | C] () -- C:\Users\Czarek\AppData\Roaming\start [2010-11-16 20:25:23 | 000,000,006 | ---- | C] () -- C:\Users\Czarek\AppData\Roaming\completescan [2010-11-16 20:11:08 | 000,000,010 | ---- | C] () -- C:\Users\Czarek\AppData\Roaming\install [2010-11-16 20:10:14 | 000,000,237 | ---- | C] () -- C:\Users\Czarek\AppData\Roaming\scgdfgasfbh.bat [2010-10-18 10:16:15 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010-10-05 18:27:44 | 1468,856,320 | ---- | C] () -- C:\Users\Czarek\Desktop\avatar ( lektor pl ).avi [2010-05-24 19:38:54 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys [2010-04-21 17:51:03 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009-05-02 21:44:05 | 000,006,944 | ---- | C] () -- C:\Users\Czarek\AppData\Local\d3d9caps.dat [2009-03-10 20:30:25 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-03-10 20:30:22 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-03-10 20:30:22 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-03-10 20:30:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-03-10 20:30:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-03-10 20:30:18 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009-01-20 22:04:51 | 000,684,672 | ---- | C] () -- C:\Windows\System32\drivers\torususb.sys [2009-01-20 22:04:50 | 000,000,161 | ---- | C] () -- C:\Windows\DSLSetup.ini [2009-01-20 22:01:09 | 000,042,496 | ---- | C] () -- C:\Users\Czarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-19 22:08:21 | 002,796,133 | -H-- | C] () -- C:\Users\Czarek\AppData\Local\IconCache.db [2009-01-19 21:21:14 | 000,000,000 | ---- | C] () -- C:\Users\Czarek\AppData\Local\QSwitch.txt [2009-01-19 21:21:14 | 000,000,000 | ---- | C] () -- C:\Users\Czarek\AppData\Local\DSwitch.txt [2009-01-19 21:21:14 | 000,000,000 | ---- | C] () -- C:\Users\Czarek\AppData\Local\AtStart.txt [2009-01-19 21:21:00 | 000,070,744 | ---- | C] () -- C:\Users\Czarek\AppData\Local\GDIPFONTCACHEV1.DAT [2008-03-28 10:19:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008-01-21 03:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008-01-21 03:24:29 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2007-11-14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2006-11-02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 11:33:01 | 001,468,980 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006-11-02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 11:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006-11-02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2006-03-08 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color="#e56717"]========== LOP Check ==========[/color] [2009-08-01 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\AIMP [2009-09-30 20:41:04 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\Ashampoo [2009-01-19 21:20:21 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\DigitalPersona [2009-08-03 14:40:42 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\GanymedeNet [2010-11-18 18:30:37 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\Lectra [2009-08-02 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu [2010-09-30 10:40:20 | 000,000,000 | ---D | M] -- C:\Users\Czarek\AppData\Roaming\OpenFM [2010-11-18 19:26:19 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [2010-11-21 16:26:44 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job [color="#e56717"]========== Purity Check ==========[/color] [color="#e56717"]========== Custom Scans ==========[/color] [color="#a23bec"]< %systemdrive%\*.* >[/color] [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008-01-21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009-05-29 12:14:48 | 000,296,974 | ---- | M] () -- C:\gry.ico [2009-06-01 08:16:08 | 000,000,043 | ---- | M] () -- C:\gry.url [2010-11-21 16:26:10 | 2145,214,464 | -HS- | M] () -- C:\hiberfil.sys [2010-01-02 16:35:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-01-02 16:35:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-11-21 16:26:08 | 2459,000,832 | -HS- | M] () -- C:\pagefile.sys [color="#a23bec"]< MD5 for: AGP440.SYS >[/color] [2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys [2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-01-21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color="#a23bec"]< MD5 for: ATAPI.SYS >[/color] [2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008-01-21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys [2008-01-21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008-01-21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [color="#a23bec"]< MD5 for: BEEP.SYS >[/color] [2008-01-21 03:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\WINDOWS\System32\drivers\beep.sys [2008-01-21 03:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\WINDOWS\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [color="#a23bec"]< MD5 for: CDROM.SYS >[/color] [2008-01-21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\WINDOWS\System32\drivers\cdrom.sys [2008-01-21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\WINDOWS\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys [2008-01-21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\WINDOWS\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2009-04-11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\WINDOWS\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys [2006-11-02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\WINDOWS\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color] [2007-01-12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll [color="#a23bec"]< MD5 for: NDIS.SYS >[/color] [2009-04-11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\WINDOWS\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys [2008-01-21 03:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\WINDOWS\System32\drivers\ndis.sys [2008-01-21 03:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color] [2009-04-11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\System32\winlogon.exe [2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < End of report > [/log] [b]RSIT Log[/b] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Czarek at 2010-11-21 23:17:48 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 77 GB (54%) free of 144 GB Total RAM: 2045 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:18:00, on 2010-11-21 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18527) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Users\Czarek\AppData\Roaming\hotfix.exe C:\Windows\system32\taskeng.exe C:\Program Files\WeFi\WeFi.exe C:\WINDOWS\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Czarek\Desktop\RSIT.exe C:\Program Files\trend micro\Czarek.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://search.conduit.com?SearchSource=10&ctid=CT2417076"]http://search.condui...&ctid=CT2417076[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb"]http://ie.redirect.h...avilion&pf=cnnb[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll O3 - Toolbar: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgry.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\Program Files\Lectra\IManager\bin\fontserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\Program Files\Lectra\IManager\bin\lpdaemon.exe O23 - Service: Modaservice - Unknown owner - C:\Program Files\Lectra\Modaservice\modaserv.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe -- End of file - 10357 bytes ======Scheduled tasks folder====== C:\Windows\tasks\WefiStartup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-02-18 321312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar BHO - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-02-03 1185120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}] gry Toolbar - C:\Program Files\gry\tbgry.dll [2009-10-01 2166296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Czarek\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-27 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll [2008-02-03 1185120] {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - gry Toolbar - C:\Program Files\gry\tbgry.dll [2009-10-01 2166296] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-17 1033512] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-16 442433] "UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504] "DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-12 699456] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-05-14 468264] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032] "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-11-21 23:17:48 ----D---- C:\rsit 2010-11-21 23:17:48 ----D---- C:\Program Files\trend micro 2010-11-16 20:10:14 ----A---- C:\Users\Czarek\AppData\Roaming\scgdfgasfbh.bat 2010-11-16 20:10:13 ----A---- C:\Users\Czarek\AppData\Roaming\hotfix.exe 2010-11-15 11:35:59 ----D---- C:\Program Files\NovaLogic 2010-10-27 14:59:24 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-10-27 14:59:24 ----A---- C:\Windows\system32\Apphlpdm.dll ======List of files/folders modified in the last 1 months====== 2010-11-21 23:18:00 ----D---- C:\Windows\Prefetch 2010-11-21 23:17:55 ----D---- C:\Windows\Temp 2010-11-21 23:17:48 ----RD---- C:\Program Files 2010-11-21 23:03:43 ----D---- C:\Windows\System32 2010-11-21 23:03:43 ----D---- C:\Windows\inf 2010-11-21 23:03:43 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-21 19:35:28 ----D---- C:\ProgramData\WeFi 2010-11-18 18:30:37 ----D---- C:\Users\Czarek\AppData\Roaming\Lectra 2010-11-17 18:24:47 ----SHD---- C:\System Volume Information 2010-11-17 11:22:03 ----D---- C:\Program Files\GameSpy Arcade 2010-11-17 09:21:20 ----D---- C:\WINDOWS 2010-11-17 06:03:01 ----D---- C:\Windows\system32\WDI 2010-11-12 21:00:32 ----D---- C:\Windows\system32\catroot2 2010-11-11 09:36:40 ----D---- C:\Windows\winsxs 2010-11-11 09:32:04 ----SHD---- C:\Windows\Installer 2010-11-11 09:31:44 ----D---- C:\ProgramData\Microsoft Help 2010-11-11 09:31:15 ----D---- C:\Windows\system32\catroot 2010-11-11 09:31:09 ----D---- C:\Program Files\Windows Mail 2010-10-30 16:47:48 ----D---- C:\Program Files\Mozilla Firefox 2010-10-28 15:37:21 ----D---- C:\Windows\AppPatch ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ahcix86s;ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-04-14 170000] R0 Amddfltr;Amd Disk Lower Filter Driver; C:\Windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416] R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-29 7680] R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2008-03-27 24424] R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328] R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056] R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2010-05-24 47616] R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2004-05-14 76288] R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-28 3544064] R3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456] R3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2008-02-01 80936] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-23 52736] R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-14 118784] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-16 379904] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-17 196784] R3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-03-26 40752] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 CH341SER;CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [2007-09-23 37488] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S3 w800bus;Sony Ericsson W800 driver (WDM); C:\Windows\system32\DRIVERS\w800bus.sys [2005-06-13 60768] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-28 667648] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-12 302144] R2 FontServer;Lectra Font Service; C:\Program Files\Lectra\IManager\bin\fontserver.exe [2003-05-05 456704] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728] R2 LpDaemon;Lectra Print Service; C:\Program Files\Lectra\IManager\bin\lpdaemon.exe [2003-05-05 227840] R2 Modaservice;Modaservice; C:\Program Files\Lectra\Modaservice\modaserv.exe [2007-01-03 188575] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-14 292248] R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-14 116112] R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [2008-04-16 221239] R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-03-26 595248] R2 VPDaemon;Lectra VigiPrint Service; C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe [2006-06-12 86016] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832] R3 WefiEngSvc;WeFi Engine Service; C:\Program Files\WeFi\WefiEngSvc.exe [2010-07-25 120152] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Usługa Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] -----------------EOF----------------- [/log] [b]RSIT Info[/b] [log]info.txt logfile of random's system information tool 1.08 2010-11-21 23:18:05 ======Uninstall list====== Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001} Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228} Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} AMD Driver Support for HP 3D DriverGuard-->MsiExec.exe /X{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Artcut2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C470E91-A01A-4F1A-AA2E-54A306FA8EC4}\setup.exe" -l0x9 -uninst -removeonly Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe" Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0015 avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Catalyst Control Center - Branding-->MsiExec.exe /I{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74} Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3} Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560} Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall Diamino V5R2c4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB0CB2CA-0894-4CA0-8F87-B827E27B12F6}\setup.exe" -l0x9 DigitalPersona Personal 3.0.1-->MsiExec.exe /I{AE72E414-0935-4AC8-B7D6-12E3039BEC13} GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe gry Toolbar-->C:\PROGRA~1\gry\UNWISE.EXE /U C:\PROGRA~1\gry\INSTALL.LOG Gwiezdny obrońca 3-->C:\Program Files\Gry.Pl\Star Defender 3\Uninstall.exe Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9 -removeonly HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9 -removeonly HP Help and Support-->MsiExec.exe /X{28C3E5E6-5ACA-408D-9A46-089C5334EC97} HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0015 uninst HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F} HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9} HP Wireless Assistant-->MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x15 -remove -removeonly IManager V5R3c7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E21D505-4078-4C3C-8104-6301F526521C}\setup.exe" -l0x9 Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly K-Lite Mega Codec Pack 4.5.3-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034} Microsoft .NET Framework 3.5 Language Pack SP1 - plk-->MsiExec.exe /I{9EFDFBA8-9174-3C61-8645-28376C5CA994} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (Polish)-->MsiExec.exe /X{95120000-00AF-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {E9EA2604-8AC9-47D2-8F4B-6BF60787A357} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Works-->MsiExec.exe /I{306B39C9-3AB1-4161-8567-9C7E50B41AE3} ModarisV5R1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B33836A-D5E6-4750-BD44-4280B93C52E3}\setup.exe" -l0x9 Modaservice V5R2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E3D096D-3D27-491A-A0C4-6C30C003D8AB}\setup.exe" -l0x9 Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - plk\setup.exe Pakiet zgodności dla systemu Office 2007-->MsiExec.exe /X{90120000-0020-0415-0000-0000000FF1CE} Pasek narzędzi AOL 5.0-->"C:\Program Files\AOL\Pasek narzędzi AOL 5.0\uninstall.exe" Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall ProtectSmart Hard Drive Protection-->MsiExec.exe /X{DD876490-252F-4EEF-B205-2E8F5A6E523B} QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe" Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0015 -removeonly Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16} Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} Sentinel System Driver 5.42.1 (32-bit)-->MsiExec.exe /I{F02598C2-2A5F-4593-8F09-439F3317B2C8} SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE} SWAT 4-->"C:\Program Files\InstallShield Installation Information\{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}\Setup.exe" -runfromtemp -l0x0415 /x Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tachyon Demo-->C:\Windows\IsUninst.exe -f"C:\Program Files\NovaLogic\Tachyon Demo\Uninst.isu" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE} VigiPrint V2.4c12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0748138E-CAA4-4B59-8670-86DEC15E22EF}\setup.exe" -l0x9 WeFi 4.0.0.16-->C:\Program Files\WeFi\uninst.exe Windows Live Messenger-->MsiExec.exe /I{223818EB-2BB5-4AAD-9F38-BA9668A4E3F3} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Czarek-PC Event Code: 3 Message: Usługa została uruchomiona. Record Number: 703622 Source Name: Virtual Disk Service Time Written: 20101121221745.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 7036 Message: Usługa Dysk wirtualny weszła w stan uruchomienia. Record Number: 703623 Source Name: Service Control Manager Time Written: 20101121221745.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 7036 Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan zatrzymania. Record Number: 703624 Source Name: Service Control Manager Time Written: 20101121221746.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 4 Message: Usługa została zatrzymana. Record Number: 703625 Source Name: Virtual Disk Service Time Written: 20101121221747.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 7036 Message: Usługa Dysk wirtualny weszła w stan zatrzymania. Record Number: 703626 Source Name: Service Control Manager Time Written: 20101121221747.000000-000 Event Type: Informacje User: =====Application event log===== Computer Name: Czarek-PC Event Code: 0 Message: Record Number: 51336 Source Name: hpqwmiex Time Written: 20101121153433.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 0 Message: Record Number: 51337 Source Name: Com4QLBEx Time Written: 20101121153438.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 1001 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie usunięte. Dane rekordu zawierają nowe wartości wpisów Last Counter (ostatni licznik) i Last Help (ostatnia Pomoc) do Rejestru systemowego. Record Number: 51338 Source Name: Microsoft-Windows-LoadPerf Time Written: 20101121220343.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 1000 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie załadowane. Dane rekordu w sekcji danych zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 51339 Source Name: Microsoft-Windows-LoadPerf Time Written: 20101121220343.000000-000 Event Type: Informacje User: Computer Name: Czarek-PC Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 51340 Source Name: LightScribeService Time Written: 20101121221804.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: Czarek-PC Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 400984 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101103173927.575177-000 Event Type: Sukces inspekcji User: Computer Name: Czarek-PC Event Code: 4648 Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: CZAREK-PC$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Konto, którego poświadczenia zostały użyte: Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Serwer docelowy: Nazwa serwera docelowego: localhost Informacje dodatkowe: localhost Informacje o procesie: Identyfikator procesu: 0x294 Nazwa procesu: C:\WINDOWS\System32\services.exe Informacje o sieci: Adres sieciowy: - Port: - To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS. Record Number: 400985 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101103174030.457177-000 Event Type: Sukces inspekcji User: Computer Name: Czarek-PC Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: CZAREK-PC$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x294 Nazwa procesu: C:\WINDOWS\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 400986 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101103174030.457177-000 Event Type: Sukces inspekcji User: Computer Name: Czarek-PC Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 400987 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101103174030.457177-000 Event Type: Sukces inspekcji User: Computer Name: Czarek-PC Event Code: 4648 Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: CZAREK-PC$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Konto, którego poświadczenia zostały użyte: Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Serwer docelowy: Nazwa serwera docelowego: localhost Informacje dodatkowe: localhost Informacje o procesie: Identyfikator procesu: 0x294 Nazwa procesu: C:\WINDOWS\System32\services.exe Informacje o sieci: Adres sieciowy: - Port: - To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS. Record Number: 400988 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101103174133.156177-000 Event Type: Sukces inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WeFi "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=17 "PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0301 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Pavilion -----------------EOF----------------- [/log] Prosił bym o w miarę szybką pomoc, ponieważ komputer służy do pracy. Dziękuję i pozdrawiam.
Sohei komentarz 22 listopada 2010 komentarz 22 listopada 2010 [code]:Processes Explorer.exe :OTL [2010-11-16 20:10:14 | 000,000,237 | ---- | M] () -- C:\Users\Czarek\AppData\Roaming\scgdfgasfbh.bat [2010-11-16 20:10:14 | 000,578,560 | ---- | M] (Momento LTD) -- C:\Users\Czarek\AppData\Roaming\hotfix.exe O20 - HKU\S-1-5-21-1310248553-1059408766-3513489513-1000 Winlogon: Shell - (C:\Users\Czarek\AppData\Roaming\hotfix.exe) - C:\Users\Czarek\AppData\Roaming\hotfix.exe (Momento LTD) :files C:\Users\Czarek\AppData\Roaming\hotfix.exe C:\Users\Czarek\AppData\Roaming\scgdfgasfbh.bat :services Momento LTD :Commands [emptytemp] [start explorer] [reboot][/code] Wklejasz to do OTL w białe okienko i klikasz run fix(wykonaj skrypt). Wykonaj pełny skan [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url] Wykonaj pełny skan[url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url] Co znajda usun po czym daj logi z usuwania + nowy log OTL
nohender komentarz 23 listopada 2010 Autor komentarz 23 listopada 2010 Nie wiem czy dobrze zrobiłem ale już nie mogłem czekać więc włączyłem komputer pozwoliłem mu się "zeskanować" po tym normalnie się uruchomił i zainstalowałem program Unlocker i za jego pomocą usunąłem pliki hotfix.exe oraz scgdfgasfbh.bat z folderu C:/Użytkownicy/xxx/AppData/Roaming po czym zrobiłem restart i komputer włączył się bez żadnego problemu i Think Point'a nie ma
Sohei komentarz 24 listopada 2010 komentarz 24 listopada 2010 przecież podałem ci dokładny opis krok po kroku co masz zrobic... daj nowy log z OTL
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.