
The system has slowed down.

grzalu123

Please check the logs from ComboFix, because my system has slowed down a lot lately:
[url="http://wklej.org/id/553508/"]LOG (CLICK)[/url]

[log]OTL logfile created on: 2011-06-27 16:12:01 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,41% Memory free
3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 5,63 Gb Free Space | 7,55% Space Free | Partition Type: NTFS
Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS

Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe
PRC - [2011-06-26 21:36:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-06-16 22:23:05 | 000,494,160 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
PRC - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
PRC - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe
PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe
PRC - [2011-04-27 20:29:10 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe
PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe
PRC - [2010-11-20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2010-11-20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-11-20 14:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010-10-24 20:20:18 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-10-24 20:20:18 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-10-24 20:20:16 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-10-24 20:20:16 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-10-24 20:20:16 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010-09-21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe
PRC - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010-04-13 17:25:00 | 008,555,040 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010-04-13 17:24:58 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010-03-25 13:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010-03-10 18:49:06 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2010-03-10 18:49:04 | 001,697,064 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2010-02-28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010-02-22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010-02-05 17:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-12-31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe
PRC - [2009-12-25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009-11-05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009-08-13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009-07-28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008-10-25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe
MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010-11-20 14:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2010-11-20 14:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe -- (ABConfSV)
SRV - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV - [2011-04-24 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-29 20:27:22 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup)
SRV - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2)
SRV - [2011-02-28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
SRV - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe)
SRV - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009-10-06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-05 23:13:53 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
DRV - [2011-02-13 00:10:25 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-10-26 14:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010-04-24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010-04-24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010-04-24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-04-09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2010-04-09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-03-25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-03-12 11:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-11-06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009-07-30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-06-22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-01-18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-26 21:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-14 16:41:09 | 000,000,000 | ---D | M]

[2011-03-22 23:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Extensions
[2011-05-24 16:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Firefox\Profiles\9tb51cpr.default\extensions
[2011-04-25 13:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-24 22:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-25 13:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl
File not found (No name found) --
() (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-06-26 21:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-06-27 15:36:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]NBAgent[/b] - hkey= - key= - c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: [b]SUPERAntiSpyware[/b] - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Toshiba Registration[/b] - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: [b]Toshiba TEMPRO[/b] - hkey= - key= - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: [b]ToshibaServiceStation[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: [b]TosNC[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]TosReelTimeMonitor[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]TosVolRegulator[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: [b]TWebCamera[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-27 15:41:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-06-27 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\temp
[2011-06-27 15:35:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-06-27 15:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-06-27 15:17:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-06-27 15:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-06-27 15:16:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-06-27 15:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-27 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\RGE
[2011-06-27 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarterBackgroundChanger
[2011-06-27 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\Apple Computer
[2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple Computer
[2011-06-14 16:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-06-14 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-06-14 16:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-06-14 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-06-14 16:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-06-14 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple
[2011-06-14 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-06-14 16:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-06-09 18:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-06-07 19:22:19 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{DAC5946F-369C-485B-A88B-4694B723F4DD}
[2011-06-01 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Disco Polo
[2011-06-01 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\muzyyka
[2011-06-01 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\U3
[2011-05-31 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Arena Wysoka
[2011-05-31 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Muza Od Rafała
[2011-05-30 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\CyberLink
[2011-05-30 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\CyberLink
[2011-05-30 14:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011-05-30 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011-05-30 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011-05-26 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
[2011-05-26 15:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2011-05-26 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
[2011-05-26 14:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
[2011-05-23 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\blueconnect
[2011-05-20 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\178
[2011-05-17 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{5FD28280-6D76-4821-AE2D-F1515299904D}
[2011-05-17 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{3495CC1B-D975-45D7-B3E8-E2D141E75797}
[2011-05-16 18:46:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\Notesy programu OneNote
[2011-05-16 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{4B0ED46E-60AF-44CC-9E70-0F3B7AE14376}
[2011-05-13 15:10:01 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{D95E359E-926A-4274-9350-293317FBEB5E}
[2011-05-13 07:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011-05-13 07:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011-05-12 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Energy_Mix_-_Volume_24_2011
[2011-05-10 22:40:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
[2011-05-10 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\NetMeter
[2011-05-08 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011-05-04 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\AIMP
[2011-05-04 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2
[2011-05-04 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2
[2011-05-04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2_PL
[2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0
[2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\.thumbnails
[2011-05-04 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011-05-04 16:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011-05-04 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-27 16:20:52 | 003,670,016 | -HS- | M] () -- C:\Users\GregoR\NTUSER.DAT
[2011-06-27 16:16:10 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-27 16:16:10 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-27 16:08:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-06-27 16:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-27 16:08:30 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-27 15:55:00 | 005,491,613 | -H-- | M] () -- C:\Users\GregoR\AppData\Local\IconCache.db
[2011-06-27 15:36:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011-06-27 15:36:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-06-27 14:57:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job
[2011-06-27 13:43:11 | 001,559,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-06-27 13:43:11 | 000,701,704 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-06-27 13:43:11 | 000,619,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-27 13:43:11 | 000,136,432 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-06-27 13:43:11 | 000,107,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-27 13:05:12 | 000,000,017 | ---- | M] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg
[2011-06-27 12:13:14 | 000,013,812 | ---- | M] () -- C:\Windows\System32\results.xml
[2011-06-25 22:57:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job
[2011-06-22 22:32:44 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Temped3324.html
[2011-06-20 20:45:23 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempOY4020.html
[2011-06-19 22:29:39 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempZH2944.html
[2011-06-19 22:29:39 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempCW2944.html
[2011-06-17 23:20:00 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Tempin3264.html
[2011-06-17 23:20:00 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempxY3264.html
[2011-06-17 18:43:21 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempRL3096.html
[2011-06-17 18:43:21 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Tempsf3096.html
[2011-06-14 16:43:45 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-06-14 16:40:49 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-06-13 22:22:02 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempWm3784.html
[2011-06-13 22:22:02 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempuA3784.html
[2011-06-12 20:13:13 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempYp2680.html
[2011-06-09 07:43:46 | 000,000,855 | ---- | M] () -- C:\Users\GregoR\.recently-used.xbel
[2011-06-09 07:37:31 | 000,135,624 | ---- | M] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png
[2011-06-07 16:14:58 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TemphC3204.html
[2011-06-05 22:43:45 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempGn3404.html
[2011-06-05 22:43:45 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempsK3404.html
[2011-06-05 13:19:53 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011-05-31 08:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011-05-30 14:26:44 | 000,000,000 | ---- | M] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList
[2011-05-30 14:25:21 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011-05-26 18:05:52 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2011-05-26 15:54:31 | 000,000,952 | ---- | M] () -- C:\Windows\QIII.INI
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-05-26 07:37:35 | 000,000,099 | ---- | M] () -- C:\Users\GregoR\Desktop\Bass-party.pls
[2011-05-26 07:34:29 | 000,000,071 | ---- | M] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u
[2011-05-25 22:39:51 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempGy2576.html
[2011-05-25 20:36:45 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempIO1984.html
[2011-05-25 14:59:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-05-25 09:56:55 | 000,006,503 | ---- | M] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0
[2011-05-24 21:08:16 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempMr1752.html
[2011-05-21 14:17:46 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempiZ3028.html
[2011-05-21 14:17:46 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempSe3028.html
[2011-05-20 10:35:56 | 000,029,334 | ---- | M] () -- C:\Users\GregoR\Desktop\Sygna.jpg
[2011-05-15 20:56:16 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempdT2924.html
[2011-05-15 14:03:33 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempHY1632.html
[2011-05-15 14:03:33 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempOo1632.html
[2011-05-13 07:00:15 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011-05-12 21:14:10 | 134,231,803 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3
[2011-05-12 21:12:30 | 127,388,193 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3
[2011-05-12 21:09:42 | 074,673,508 | ---- | M] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3
[2011-05-04 20:39:12 | 000,111,224 | ---- | M] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-05-04 19:20:43 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011-05-04 17:46:34 | 003,771,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-05-04 17:44:34 | 000,001,322 | ---- | M] () -- C:\Users\GregoR\Desktop\metin2.lnk
[2011-05-04 16:02:24 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011-05-04 13:49:35 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempAqA984.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-27 15:17:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-06-27 15:17:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-06-27 15:17:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-06-27 15:17:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-06-27 15:17:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-27 13:05:12 | 000,000,017 | ---- | C] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg
[2011-06-22 20:40:14 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temped3324.html
[2011-06-20 20:16:08 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempOY4020.html
[2011-06-19 19:43:00 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempZH2944.html
[2011-06-19 19:43:00 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCW2944.html
[2011-06-17 21:46:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempin3264.html
[2011-06-17 21:46:51 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxY3264.html
[2011-06-17 18:37:45 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRL3096.html
[2011-06-17 18:37:45 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempsf3096.html
[2011-06-14 16:43:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-06-14 16:40:49 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-06-14 16:39:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-06-13 21:35:26 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWm3784.html
[2011-06-13 21:35:26 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuA3784.html
[2011-06-12 20:11:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempYp2680.html
[2011-06-09 07:43:46 | 000,000,855 | ---- | C] () -- C:\Users\GregoR\.recently-used.xbel
[2011-06-09 07:37:22 | 000,135,624 | ---- | C] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png
[2011-06-07 16:14:07 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemphC3204.html
[2011-06-05 22:22:02 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGn3404.html
[2011-06-05 22:22:02 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempsK3404.html
[2011-06-05 13:19:53 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-05-31 08:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011-05-30 14:26:44 | 000,000,000 | ---- | C] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList
[2011-05-30 14:25:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011-05-26 18:05:52 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011-05-26 14:41:34 | 000,000,952 | ---- | C] () -- C:\Windows\QIII.INI
[2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-05-26 07:37:28 | 000,000,099 | ---- | C] () -- C:\Users\GregoR\Desktop\Bass-party.pls
[2011-05-26 07:34:27 | 000,000,071 | ---- | C] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u
[2011-05-25 21:43:05 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGy2576.html
[2011-05-25 18:56:41 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempIO1984.html
[2011-05-25 14:59:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-05-25 09:56:55 | 000,006,503 | ---- | C] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0
[2011-05-24 20:23:34 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempMr1752.html
[2011-05-21 14:12:21 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempiZ3028.html
[2011-05-21 14:12:21 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempSe3028.html
[2011-05-20 10:28:11 | 000,029,334 | ---- | C] () -- C:\Users\GregoR\Desktop\Sygna.jpg
[2011-05-15 20:28:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempdT2924.html
[2011-05-15 11:20:13 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempHY1632.html
[2011-05-15 11:20:13 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempOo1632.html
[2011-05-13 07:00:15 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011-05-12 21:01:47 | 074,673,508 | ---- | C] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3
[2011-05-12 21:01:23 | 134,231,803 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3
[2011-05-12 21:00:45 | 127,388,193 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3
[2011-05-04 19:20:39 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011-05-04 17:44:34 | 000,001,322 | ---- | C] () -- C:\Users\GregoR\Desktop\metin2.lnk
[2011-05-04 16:02:24 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011-05-04 13:49:09 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempAqA984.html
[2011-04-04 21:05:02 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempUG1012.html
[2011-04-04 21:05:02 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemplY1012.html
[2011-04-03 21:36:49 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempvc1424.html
[2011-04-03 21:36:49 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempoY1424.html
[2011-03-28 20:42:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempnf2576.html
[2011-03-05 17:10:30 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Templl5132.html
[2011-03-05 17:10:30 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temprk5132.html
[2011-03-04 19:58:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDE2640.html
[2011-03-04 12:04:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxZ1136.html
[2011-03-04 12:04:28 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGM1136.html
[2011-02-27 19:38:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011-02-27 19:28:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011-02-24 13:23:43 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011-02-23 21:46:48 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWo1044.html
[2011-02-23 21:46:48 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempTq1044.html
[2011-02-20 20:31:05 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempfo4784.html
[2011-02-17 08:46:01 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011-02-11 22:46:42 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemphO2852.html
[2011-01-30 14:48:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-30 14:48:00 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-01-30 14:48:00 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2011-01-30 14:47:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-29 20:42:16 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempjc1584.html
[2011-01-29 20:42:16 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempTH1584.html
[2011-01-20 20:33:10 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempjM6084.html
[2011-01-20 20:33:10 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempSS6084.html
[2010-12-19 20:32:01 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temppw1112.html
[2010-12-18 20:08:07 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010-12-14 23:25:49 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempJD3416.html
[2010-12-11 15:15:25 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempLA5904.html
[2010-12-11 14:07:26 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempel1632.html
[2010-12-10 22:27:14 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuC1728.html
[2010-12-10 16:34:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFK4932.html
[2010-12-09 16:03:43 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempPI5552.html
[2010-12-09 16:03:43 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempgS5552.html
[2010-12-09 09:36:30 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxN4028.html
[2010-12-08 23:35:20 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWa1652.html
[2010-12-08 16:09:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcY6028.html
[2010-12-07 16:10:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempNE5904.html
[2010-12-06 22:36:42 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuU2388.html
[2010-12-06 22:36:42 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemprH2388.html
[2010-12-06 21:16:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempkR5540.html
[2010-12-06 17:22:16 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBx5864.html
[2010-12-06 17:22:16 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempEB5864.html
[2010-12-06 08:16:46 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempjn3588.html
[2010-12-05 22:13:24 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCzw512.html
[2010-12-05 22:10:50 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBB4284.html
[2010-12-05 15:31:32 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGI5892.html
[2010-12-04 19:55:39 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempNt1308.html
[2010-12-04 15:30:09 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWW4280.html
[2010-12-04 12:35:23 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-12-04 11:33:32 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempMl4560.html
[2010-12-04 11:33:32 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempei4560.html
[2010-12-03 23:35:36 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempsk6024.html
[2010-12-03 19:50:33 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemprX4548.html
[2010-12-03 13:12:20 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempPl1544.html
[2010-12-03 13:12:20 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempgg1544.html
[2010-12-01 23:00:25 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDs4636.html
[2010-12-01 23:00:25 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempaD4636.html
[2010-12-01 18:07:37 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempfe6036.html
[2010-11-30 23:12:06 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempIoh504.html
[2010-11-28 18:55:06 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempgi1336.html
[2010-11-28 13:29:36 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini
[2010-11-28 13:29:36 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2010-11-28 13:29:04 | 000,001,094 | ---- | C] () -- C:\Windows\adiras.ini
[2010-11-28 13:29:03 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
[2010-11-28 13:29:03 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
[2010-11-28 13:29:00 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
[2010-11-28 13:28:51 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN
[2010-11-28 13:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
[2010-11-28 13:28:45 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN
[2010-11-28 13:28:38 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN
[2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN
[2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN
[2010-11-28 13:28:37 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN
[2010-11-28 13:28:37 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN
[2010-11-27 21:49:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFL4788.html
[2010-11-27 17:33:41 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempQd4920.html
[2010-11-27 14:22:59 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDTI700.html
[2010-11-25 21:35:38 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFD2736.html
[2010-11-25 16:27:55 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcM5452.html
[2010-11-25 16:27:55 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBV5452.html
[2010-11-25 15:54:21 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempnc3688.html
[2010-11-25 15:54:21 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDW3688.html
[2010-11-25 09:22:50 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempee4736.html
[2010-11-23 22:05:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGRw892.html
[2010-11-23 16:29:37 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempzG1640.html
[2010-11-23 16:29:37 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempyp1640.html
[2010-11-22 20:12:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFO4352.html
[2010-11-22 20:12:28 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDV4352.html
[2010-11-22 16:12:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temprk4176.html
[2010-11-21 21:53:19 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxO3896.html
[2010-11-21 20:56:35 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempZU5408.html
[2010-11-21 16:40:40 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempwa4944.html
[2010-11-21 11:42:35 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFi4648.html
[2010-11-21 11:42:35 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempVP4648.html
[2010-11-21 10:27:03 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempoV5152.html
[2010-11-21 10:27:03 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempoj5152.html
[2010-11-20 23:47:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCt4684.html
[2010-11-20 22:39:03 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temppq3748.html
[2010-11-20 21:01:59 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRV4552.html
[2010-11-20 21:01:59 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempyt4552.html
[2010-11-20 20:43:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempUM3924.html
[2010-11-20 20:19:33 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempwr3924.html
[2010-11-20 16:21:33 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-11-20 16:21:33 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010-11-20 15:33:22 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempQA3696.html
[2010-11-20 15:33:22 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRZ3696.html
[2010-11-20 14:44:36 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempia1108.html
[2010-11-20 14:44:36 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBd1108.html
[2010-11-20 14:10:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcO4772.html
[2010-11-20 14:09:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-11-20 13:51:38 | 005,491,613 | -H-- | C] () -- C:\Users\GregoR\AppData\Local\IconCache.db
[2010-11-20 13:41:28 | 000,111,224 | ---- | C] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-09-25 20:07:48 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010-09-25 19:44:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2010-09-25 19:41:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010-09-25 19:34:49 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010-09-25 19:34:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010-05-20 14:11:01 | 001,559,892 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-14 10:07:57 | 000,701,704 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,136,432 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 003,771,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,619,356 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,107,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 04:04:23 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 04:04:23 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-06-07 07:11:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\AIMP
[2011-05-30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\BitComet
[2011-05-23 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\blueconnect
[2011-02-24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\COWON
[2010-12-04 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\DAEMON Tools Lite
[2011-04-15 06:35:58 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\FOG Downloader
[2010-11-20 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Gadu-Gadu 10
[2011-06-09 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0
[2011-03-26 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\IObit
[2011-02-17 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\ipla
[2010-11-21 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\MargonemMapki
[2011-05-10 22:35:12 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\NetMeter
[2010-11-20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\OpenFM
[2011-01-22 22:15:34 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\PhotoFiltre
[2010-11-20 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RDRM
[2011-06-27 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RGE
[2011-02-27 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Samsung
[2010-12-23 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\SoftGrid Client
[2010-11-30 19:57:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010-12-11 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Tibia
[2010-11-20 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Toshiba
[2010-11-21 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TP
[2010-12-17 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TS3Client
[2011-03-13 23:46:03 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TuneUp Software
[2010-12-11 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\WinBatch
[2011-04-01 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Windows Live Writer
[2011-06-21 13:22:52 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011-06-27 15:40:53 | 000,025,851 | ---- | M] () -- C:\ComboFix.txt
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-06-27 16:08:30 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-27 16:08:32 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-09-25 19:35:55 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log
[2010-06-25 07:15:15 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\ERDNT\cache\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >[/log]

[log]OTL Extras logfile created on: 2011-06-27 16:12:01 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,41% Memory free
3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 5,63 Gb Free Space | 7,55% Space Free | Partition Type: NTFS
Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS

Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03}" = Windows Live Family Safety
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{9FE65E62-D027-47F7-B32D-8CAC60026D75}" = ArcaVir
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a6f85984-f0c1-42f1-95a5-3d8f9bdace2d}" = Nero 9 Essentials
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIMP2" = AIMP2
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"BitComet" = BitComet 1.25
"blueconnect" = blueconnect
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadu-Gadu 10" = Gadu-Gadu 10
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ipla" = ipla 2.2.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"Picasa 3" = Picasa 3
"Quake III Arena" = Quake III Arena
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Softonic-Polska Toolbar" = Softonic-Polska Toolbar
"Speccy" = Speccy
"StarterBackgroundChanger" = StarterBackgroundChanger
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia_is1" = Tibia
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-01 10:22:12 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-02 06:05:34 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku
zasad "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu
3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu
"version" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-06-02 06:05:49 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-06-02 11:20:39 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 13
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 8193
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = System Restore | ID = 8193
Description =

Error - 2011-06-05 05:39:08 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-05 05:42:32 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-05 05:42:33 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

[ OSession Events ]
Error - 2011-02-18 02:03:55 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1233
seconds with 720 seconds of active time. This session ended with a crash.

Error - 2011-02-18 02:14:25 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 567
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-06-27 09:19:28 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-06-27 09:27:08 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-06-27 09:36:13 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030
Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.

Error - 2011-06-27 09:41:11 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011-06-27 09:41:09 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-06-27 10:08:27 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-06-27 10:08:32 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-06-27 10:08:35 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058

Error - 2011-06-27 10:09:09 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-06-27 10:09:16 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >[/log]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by GregoR at 2011-06-27 16:36:21
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 6 GB (8%) free of 76 GB
Total RAM: 2037 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:37:06, on 2011-06-27
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\blueconnect\DataCardMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\GregoR\Downloads\RSIT.exe
C:\Program Files\trend micro\GregoR.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_blueconnect] "C:\Program Files\blueconnect\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcaBit Config Service (ABConfSV) - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaConfSV.exe
O23 - Service: ArcaBit Main Service (ABMainSV) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
O23 - Service: ArcaBit Backup Service (AVBackup) - ArcaBit - C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaTasksService.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\Program Files\ArcaBit\ArcaUpdate\update.exe
O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 11612 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll [2010-12-06 765744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}]
Softonic-Polska Toolbar - C:\Program Files\Softonic-Polska\tbSoft.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Softonic-Polska Toolbar - C:\Program Files\Softonic-Polska\tbSoft.dll [2010-10-18 3908192]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 1697064]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-13 8555040]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2010-04-13 694816]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 425984]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 480608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 521528]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-25 742712]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 611672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AvMenu"=C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe [2011-06-16 494160]
"DataCardMonitor"=C:\Program Files\blueconnect\DataCardMonitor.exe [2011-04-27 253952]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-24 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-24 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-24 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_blueconnect"=C:\Program Files\blueconnect\UpdateDog\ouc.exe [2009-12-31 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
C:\Program Files\ALLPlayer\ALLUpdate.exe [2010-11-02 1432064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2011-06-07 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-04-22 2423752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2010-04-19 136136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2010-10-26 1050072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosNC]
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-19 467816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosVolRegulator]
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 22840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
C:\PROGRA~1\MIF5BA~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-10-24 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-25 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-06-27 16:36:24 ----D---- C:\Program Files\trend micro
2011-06-27 16:36:20 ----D---- C:\rsit
2011-06-27 15:41:03 ----SHD---- C:\$RECYCLE.BIN
2011-06-27 15:40:53 ----A---- C:\ComboFix.txt
2011-06-27 15:35:57 ----D---- C:\Windows\temp
2011-06-27 15:17:15 ----A---- C:\Windows\MBR.exe
2011-06-27 15:17:14 ----A---- C:\Windows\PEV.exe
2011-06-27 15:17:14 ----A---- C:\Windows\NIRCMD.exe
2011-06-27 15:17:13 ----A---- C:\Windows\zip.exe
2011-06-27 15:17:13 ----A---- C:\Windows\SWREG.exe
2011-06-27 15:17:13 ----A---- C:\Windows\sed.exe
2011-06-27 15:17:13 ----A---- C:\Windows\grep.exe
2011-06-27 15:17:12 ----A---- C:\Windows\SWSC.exe
2011-06-27 15:16:54 ----D---- C:\Windows\ERDNT
2011-06-27 15:16:39 ----D---- C:\Qoobox
2011-06-27 15:11:39 ----D---- C:\Users\GregoR\AppData\Roaming\RGE
2011-06-27 13:43:41 ----D---- C:\Program Files\StarterBackgroundChanger
2011-06-27 12:06:18 ----D---- C:\Windows\system32\Lang
2011-06-27 12:06:17 ----A---- C:\Windows\system32\igxpun.exe
2011-06-17 06:20:10 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-17 06:20:09 ----A---- C:\Windows\system32\iertutil.dll
2011-06-17 06:20:08 ----A---- C:\Windows\system32\jscript.dll
2011-06-17 06:20:08 ----A---- C:\Windows\system32\ieui.dll
2011-06-17 06:20:07 ----A---- C:\Windows\system32\jscript9.dll
2011-06-17 06:20:04 ----A---- C:\Windows\system32\mshtml.dll
2011-06-17 06:20:04 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 06:20:02 ----A---- C:\Windows\system32\urlmon.dll
2011-06-16 22:27:30 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-16 22:27:27 ----A---- C:\Windows\system32\d3d10_1.dll
2011-06-16 22:27:23 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-16 22:27:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-16 22:27:22 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-16 22:27:18 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-16 22:27:12 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-16 22:27:10 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-16 22:27:07 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-16 22:27:06 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-16 22:27:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-14 16:43:57 ----D---- C:\Users\GregoR\AppData\Roaming\Apple Computer
2011-06-14 16:43:01 ----A---- C:\Windows\system32\GEARAspi.dll
2011-06-14 16:43:01 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-06-14 16:41:55 ----D---- C:\Program Files\iPod
2011-06-14 16:41:47 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-14 16:41:47 ----D---- C:\Program Files\iTunes
2011-06-14 16:40:20 ----D---- C:\Program Files\QuickTime
2011-06-14 16:40:15 ----D---- C:\ProgramData\Apple Computer
2011-06-14 16:39:50 ----D---- C:\Program Files\Apple Software Update
2011-06-14 16:38:54 ----D---- C:\Program Files\Bonjour
2011-06-14 16:38:38 ----D---- C:\ProgramData\Apple
2011-06-14 16:38:38 ----D---- C:\Program Files\Common Files\Apple
2011-06-09 18:58:57 ----D---- C:\Windows\pss
2011-06-01 19:57:11 ----D---- C:\Users\GregoR\AppData\Roaming\U3
2011-05-30 14:26:47 ----D---- C:\Users\GregoR\AppData\Roaming\CyberLink
2011-05-30 14:25:17 ----D---- C:\ProgramData\CyberLink
2011-05-30 14:25:09 ----D---- C:\Program Files\CyberLink

======List of files/folders modified in the last 1 months======

2011-06-27 16:36:24 ----D---- C:\Program Files
2011-06-27 16:22:55 ----D---- C:\Windows\system32\config
2011-06-27 15:36:24 ----D---- C:\Windows
2011-06-27 15:36:24 ----A---- C:\Windows\system.ini
2011-06-27 15:36:02 ----D---- C:\Windows\system32\drivers\etc
2011-06-27 15:34:26 ----D---- C:\ProgramData
2011-06-27 15:27:28 ----D---- C:\Windows\system32\drivers
2011-06-27 15:27:28 ----D---- C:\Windows\System32
2011-06-27 15:27:28 ----D---- C:\Windows\AppPatch
2011-06-27 15:27:22 ----D---- C:\Program Files\Common Files
2011-06-27 15:15:20 ----D---- C:\Windows\Prefetch
2011-06-27 13:43:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-27 13:43:10 ----D---- C:\Windows\inf
2011-06-27 12:28:25 ----D---- C:\Program Files\Metin2_PL
2011-06-27 12:09:11 ----D---- C:\Windows\system32\catroot
2011-06-27 12:06:47 ----D---- C:\Windows\system32\DriverStore
2011-06-27 11:56:50 ----D---- C:\Windows\system32\catroot2
2011-06-26 21:36:57 ----D---- C:\Program Files\Mozilla Firefox
2011-06-26 21:32:49 ----D---- C:\Users\GregoR\AppData\Roaming\Winamp
2011-06-26 20:54:01 ----SHD---- C:\Windows\Installer
2011-06-26 20:53:09 ----D---- C:\Windows\system32\Tasks
2011-06-26 20:39:27 ----D---- C:\Users\GregoR\AppData\Roaming\Skype
2011-06-26 20:11:31 ----D---- C:\Users\GregoR\AppData\Roaming\skypePM
2011-06-21 10:18:46 ----D---- C:\Windows\debug
2011-06-17 08:12:51 ----D---- C:\Windows\winsxs
2011-06-17 07:58:53 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-17 06:30:11 ----D---- C:\Program Files\Internet Explorer
2011-06-17 06:30:05 ----D---- C:\ProgramData\Microsoft Help
2011-06-17 06:24:13 ----A---- C:\Windows\system32\MRT.exe
2011-06-14 16:43:00 ----DC---- C:\Windows\system32\DRVSTORE
2011-06-10 16:06:10 ----D---- C:\Program Files\Tibia
2011-06-09 07:43:47 ----D---- C:\Users\GregoR\AppData\Roaming\gtk-2.0
2011-06-07 07:11:49 ----D---- C:\Users\GregoR\AppData\Roaming\AIMP
2011-06-04 23:45:21 ----D---- C:\Users\GregoR\AppData\Roaming\Media Player Classic
2011-05-31 15:44:55 ----D---- C:\Downloads
2011-05-31 08:19:48 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-30 21:00:09 ----D---- C:\Users\GregoR\AppData\Roaming\BitComet
2011-05-30 14:25:09 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-30 14:24:27 ----D---- C:\Program Files\Common Files\InstallShield
2011-05-28 14:02:24 ----D---- C:\ProgramData\ArcaBit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 36208]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-13 436792]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 ABTDI;ArcaBit Network Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2010-10-26 51280]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R3 ABFLT;ArcaBit File Monitor Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [2011-03-05 52304]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-11-06 1227776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-24 4807168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-04-13 3074528]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 242864]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\Windows\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Sterownik filtru magistrali AGP AMD; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 catchme;catchme; \??\C:\Users\GregoR\AppData\Local\Temp\catchme.sys []
S3 cpuz;cpuz; \??\C:\Users\GregoR\AppData\Local\Temp\cpuz.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2010-04-09 69504]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 PortTalk;PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [2009-01-18 3567]
S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-12 189984]
S3 sisagp;Filtr magistrali AGP SIS; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 viaagp;Filtr magistrali AGP VIA; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;Sterownik procesora VIA C7; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABConfSV;ArcaBit Config Service; C:\Program Files\ArcaBit\Common\ArcaConfSV.exe [2011-05-31 137808]
R2 ABMainSV;ArcaBit Main Service; C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe [2011-05-04 150992]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 ArcaRemoteService;ArcaBit Control; C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2011-06-15 535120]
R2 AVTasks2;ArcaBit Tasks Service; C:\Program Files\ArcaBit\Common\ArcaTasksService.exe [2011-03-05 129616]
R2 AVUpdate;ArcaBit Update Service; C:\Program Files\ArcaBit\ArcaUpdate\update.exe [2010-12-03 117328]
R2 Bonjour Service;Usługa Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-08-19 229376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 468320]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
S2 AVBackup;ArcaBit Backup Service; C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe [2011-03-29 186960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-04-24 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
[/log]

[log]info.txt logfile of random's system information tool 1.08 2011-06-27 16:37:16

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.4 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AIMP2-->C:\Program Files\AIMP2\Uninstall.exe
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228}
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD}
ALLConverter PRO 1.0-->"C:\Program Files\ALLConverter PRO\unins000.exe"
ALLPlayer V4.X-->"C:\Program Files\ALLPlayer\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992}
Apple Mobile Device Support-->MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E}
Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
ArcaVir Prerequistes-->MsiExec.exe /I{F41B3F68-C137-477A-9DD5-E231F512D84F}
ArcaVir-->MsiExec.exe /X{9FE65E62-D027-47F7-B32D-8CAC60026D75}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0015
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
BitComet 1.25-->C:\Program Files\BitComet\uninst.exe
blueconnect-->C:\Program Files\blueconnect\uninst.exe
Bonjour-->MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
CPUID CPU-Z 1.56-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
eBay-->MsiExec.exe /X{FDE58148-57E7-43BF-879A-29CCE818C078}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Icy Tower v1.4-->"c:\program files\icytower1.4\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
ipla 2.2.1-->C:\Program Files\ipla\uninst.exe
iTunes-->MsiExec.exe /I{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 6.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {E9EA2604-8AC9-47D2-8F4B-6BF60787A357}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe
Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Moduł Szybka instalacja pakietu Microsoft Office 2010-->MsiExec.exe /I{90140000-006D-0415-0000-0000000FF1CE}
Mozilla Firefox 5.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Nero BackItUp and Burn-->MsiExec.exe /X{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}
Nero BackItUp-->MsiExec.exe /X{0420F95C-11FF-4E02-B967-6CC22B188F9F}
Nero BurnRights Help-->MsiExec.exe /X{F6BDD7C5-89ED-4569-9318-469AA9732572}
Nero BurnRights-->MsiExec.exe /X{397516AE-7DFE-4F90-84E0-BD616D559434}
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}
Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885}
Nero Express-->MsiExec.exe /X{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}
Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero RescueAgent-->MsiExec.exe /X{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}
Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photo Service - powered by myphotobook-->msiexec /qb /x {9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}
Photo Service - powered by myphotobook-->MsiExec.exe /I{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Pomocnik Messenger-->MsiExec.exe /I{BD8DA595-F501-4ABE-85A0-5C23E82472A0}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pro Evolution Soccer 6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1045
Program TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0415
Program TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0415
Quake III Arena-->C:\Windows\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -removeonly
SAGEM F@st 800-840-->C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe -runfromtemp -l0x0015 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Softonic-Polska Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
Speccy-->"C:\Program Files\Speccy\uninst.exe"
Sprzęt instalacyjny TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0415 -removeonly
StarterBackgroundChanger-->C:\Program Files\StarterBackgroundChanger\Uninstall.exe
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab for Intel-->MsiExec.exe /I{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Tibia-->"C:\Program Files\Tibia\unins000.exe"
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0015 -removeonly
TOSHIBA Bulletin Board-->"C:\Program Files\InstallShield Installation Information\{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}\setup.exe" -runfromtemp -l0x0415 -removeonly
TOSHIBA Bulletin Board-->MsiExec.exe /X{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}
TOSHIBA ConfigFree-->MsiExec.exe /X{607BE7BF-7C28-4ADB-A4A0-385962B901C3}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3}
TOSHIBA Hasło administratora-->"C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0415 -removeonly
Toshiba Manuals-->"C:\Program Files\InstallShield Installation Information\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}\setup.exe" -runfromtemp -l0x0015 -removeonly
TOSHIBA Media Controller-->C:\Program Files\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -l0x0015 -removeonly
TOSHIBA Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0015 -removeonly
TOSHIBA Recovery Media Creator Reminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0415
TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA ReelTime-->"C:\Program Files\InstallShield Installation Information\{B894522E-C079-4DC8-A305-30BA6E2F4459}\setup.exe" -runfromtemp -l0x0415 -removeonly
TOSHIBA ReelTime-->MsiExec.exe /X{B894522E-C079-4DC8-A305-30BA6E2F4459}
TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0015 -removeonly
TOSHIBA Supervisor Password-->"C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0415
TOSHIBA Sync Utility-->"C:\Program Files\InstallShield Installation Information\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}\setup.exe" -runfromtemp -l0x0415 -removeonly
TOSHIBA TEMPRO-->MsiExec.exe /X{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0015 -removeonly
TRORMCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0415
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945}
Utility Common Driver-->"C:\Program Files\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}
WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Family Safety-->MsiExec.exe /I{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live Remote Client Resources-->MsiExec.exe /I{C30628D8-D3A0-4F23-90F0-F145808087B6}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{201B5096-AF6E-423E-B987-023E040D9B42}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{543E6ACA-51B7-4283-82F2-57C0582A53C5}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======System event log======

Computer Name: GregoR-TOSHIBA
Event Code: 7036
Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia.
Record Number: 129520
Source Name: Service Control Manager
Time Written: 20110408162337.315194-000
Event Type: Informacje
User:

Computer Name: GregoR-TOSHIBA
Event Code: 6
Message: Filtr systemu plików ABFLT (6.0, 2011-02-14T17:48:46.000000000Z) został pomyślnie załadowany i zarejestrował się w menedżerze filtrów.
Record Number: 129519
Source Name: Microsoft-Windows-FilterManager
Time Written: 20110408162336.737993-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: GregoR-TOSHIBA
Event Code: 7036
Message: Usługa Menedżer połączeń usługi Dostęp zdalny weszła w stan uruchomienia.
Record Number: 129518
Source Name: Service Control Manager
Time Written: 20110408162335.786391-000
Event Type: Informacje
User:

Computer Name: GregoR-TOSHIBA
Event Code: 7036
Message: Usługa Telefonia weszła w stan uruchomienia.
Record Number: 129517
Source Name: Service Control Manager
Time Written: 20110408162335.411990-000
Event Type: Informacje
User:

Computer Name: GregoR-TOSHIBA
Event Code: 7036
Message: Usługa Usługa Protokół SSTP weszła w stan uruchomienia.
Record Number: 129516
Source Name: Service Control Manager
Time Written: 20110408162335.349590-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: GregoR-TOSHIBA
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 1799
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101120103319.311161-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: GregoR-TOSHIBA
Event Code: 1532
Message: Usługa profilów użytkowników została zatrzymana.


Record Number: 1798
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100925181437.983318-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: WIN-SRAAV3MGUCA
Event Code: 1003
Message: Usługa Windows Search została uruchomiona.

Record Number: 1797
Source Name: Microsoft-Windows-Search
Time Written: 20100925181430.000000-000
Event Type: Informacje
User:

Computer Name: WIN-SRAAV3MGUCA
Event Code: 1013
Message: Usługa Windows Search została normalnie zatrzymana.

Record Number: 1796
Source Name: Microsoft-Windows-Search
Time Written: 20100925181429.000000-000
Event Type: Informacje
User:

Computer Name: WIN-SRAAV3MGUCA
Event Code: 103
Message: Windows (1672) Windows: Aparat bazy danych zatrzymał wystąpienie (0).
Record Number: 1795
Source Name: ESENT
Time Written: 20100925181428.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: GregoR-TOSHIBA
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GREGOR-TOSHIBA$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x22c
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 18181
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211052108.870439-000
Event Type: Sukcesy inspekcji
User:

Computer Name: GregoR-TOSHIBA
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000
Nazwa konta: GregoR
Domena konta: GregoR-TOSHIBA
Identyfikator logowania: 0x15b4e

Uprawnienia: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 18180
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211052108.386838-000
Event Type: Sukcesy inspekcji
User:

Computer Name: GregoR-TOSHIBA
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GREGOR-TOSHIBA$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 2

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000
Nazwa konta: GregoR
Domena konta: GregoR-TOSHIBA
Identyfikator logowania: 0x15b84
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x24c
Nazwa procesu: C:\Windows\System32\winlogon.exe

Informacje o sieci:
Nazwa stacji roboczej: GREGOR-TOSHIBA
Adres źródłowy sieci: 127.0.0.1
Port źródłowy: 0

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: User32
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 18179
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211052108.386838-000
Event Type: Sukcesy inspekcji
User:

Computer Name: GregoR-TOSHIBA
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GREGOR-TOSHIBA$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 2

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000
Nazwa konta: GregoR
Domena konta: GregoR-TOSHIBA
Identyfikator logowania: 0x15b4e
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x24c
Nazwa procesu: C:\Windows\System32\winlogon.exe

Informacje o sieci:
Nazwa stacji roboczej: GREGOR-TOSHIBA
Adres źródłowy sieci: 127.0.0.1
Port źródłowy: 0

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: User32
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 18178
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211052108.386838-000
Event Type: Sukcesy inspekcji
User:

Computer Name: GregoR-TOSHIBA
Event Code: 4648
Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: GREGOR-TOSHIBA$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Konto, którego poświadczenia zostały użyte:
Nazwa konta: GregoR
Domena konta: GregoR-TOSHIBA
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Serwer docelowy:
Nazwa serwera docelowego: localhost
Informacje dodatkowe: localhost

Informacje o procesie:
Identyfikator procesu: 0x24c
Nazwa procesu: C:\Windows\System32\winlogon.exe

Informacje o sieci:
Adres sieciowy: 127.0.0.1
Port: 0

To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS.
Record Number: 18177
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110211052108.386838-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ArcaBit\Common;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
[/log]

[log]GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-27 17:29:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.GH01
Running: rhv8ew8d.exe; Driver: C:\Users\GregoR\AppData\Local\Temp\kwlorfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 81E51339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E8AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text sptd.sys 880BC000 8 Bytes [34, 22, 23, 82, A0, 87, 22, ...] {XOR AL, 0x22; AND EAX, [EDX-0x7ddd7860]}
.text sptd.sys 880BC009 23 Bytes [87, 22, 82, 48, AB, 22, 82, ...]
.text sptd.sys 880BC024 4 Bytes [44, B5, 1E, 88]
.text sptd.sys 880BC02C 10 Bytes [99, 85, 07, 82, D2, 48, FF, ...]
.text sptd.sys 880BC037 89 Bytes [82, A0, DA, E4, 81, 6F, 98, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x881B3D38]
? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload 8D9C8DB9 5 Bytes JMP 85BFA410

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2232] ntdll.dll!LdrLoadDll 777922B8 5 Bytes JMP 01321410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2232] USER32.dll!GetWindowInfo 75BF4B5E 5 Bytes JMP 6ADCC3EA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [880BD0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [880BDFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [880BD574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [880BE1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [880BD362] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74542437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74525600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745256BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745424B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74538514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74534CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7453506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74535144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74536671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7453826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745387BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7453901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7453E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74534BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84B1D1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 85B481F8
Device \Driver\usbuhci \Device\USBPDO-1 85B481F8
Device \Driver\usbuhci \Device\USBPDO-2 85B481F8
Device \Driver\usbuhci \Device\USBPDO-3 85B481F8
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 85BE4430

AttachedDevice \Driver\tdx \Device\Tcp ABTDI.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B78514DA-6175-4B4D-81A0-2F205D2BB38D} 85B161F8
Device \Driver\cdrom \Device\CdRom0 863F01F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8835B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8835B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 85B161F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9A9F061-1CE0-4873-B831-38EC778A3245} 85B161F8
Device \Driver\PCI_PNP0445 \Device\0000005a sptd.sys
Device \Driver\PCI_PNP0445 \Device\0000005a sptd.sys
Device \Driver\PCI_PNP0445 \Device\0000005b sptd.sys
Device \Driver\PCI_PNP0445 \Device\0000005b sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 85B481F8
Device \Driver\usbuhci \Device\USBFDO-1 85B481F8
Device \Driver\usbuhci \Device\USBFDO-2 85B481F8
Device \Driver\usbuhci \Device\USBFDO-3 85B481F8
Device \Driver\usbehci \Device\USBFDO-4 85BE4430
Device \Driver\aw3hyt6c \Device\Scsi\aw3hyt6c1 85C6A1F8
Device \Driver\aw3hyt6c \Device\Scsi\aw3hyt6c1Port2Path0Target0Lun0 85C6A1F8
Device \Driver\a9wf9zjv \Device\Scsi\a9wf9zjv1 85C701F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@a00798622e14 0xB0 0x66 0xD1 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@101dc0cf086a 0x79 0x95 0x56 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@00265d5cdc30 0x72 0xC6 0x60 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@0024ef8fe88b 0xC8 0xB3 0x2B 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@0021fb8d8067 0x9E 0x85 0x04 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xD1 0x3C 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x4D 0x8B 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x6C 0xD8 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0xE7 0x30 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@a00798622e14 0xB0 0x66 0xD1 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@101dc0cf086a 0x79 0x95 0x56 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@00265d5cdc30 0x72 0xC6 0x60 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@0024ef8fe88b 0xC8 0xB3 0x2B 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@0021fb8d8067 0x9E 0x85 0x04 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xD1 0x3C 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x4D 0x8B 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x6C 0xD8 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0xE7 0x30 0x2E ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File Q:\$RECYCLE.BIN 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-1000 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-1000\desktop.ini 129 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-500 0 bytes
File Q:\GREGOR-TOSHIBA 0 bytes
File Q:\GREGOR-TOSHIBA\Desktop.ini 226 bytes
File Q:\HDDRecovery 0 bytes
File Q:\HDDRecovery\HDDRecovery.tag 13 bytes
File Q:\HDDRecovery\ODDFiles 0 bytes
File Q:\HDDRecovery\ODDFiles\Boot 0 bytes
File Q:\HDDRecovery\ODDFiles\Boot\bcd 262144 bytes
File Q:\HDDRecovery\ODDFiles\Boot\boot.sdi 3170304 bytes
File Q:\HDDRecovery\ODDFiles\Boot\etfsboot.com 4096 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts 0 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts\chs_boot.ttf 3693112 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts\cht_boot.ttf 3875804 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts\jpn_boot.ttf 1983244 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts\kor_boot.ttf 2370376 bytes
File Q:\HDDRecovery\ODDFiles\Boot\fonts\wgl4_boot.ttf 46468 bytes
File Q:\HDDRecovery\ODDFiles\bootmgr 383562 bytes
File Q:\HDDRecovery\ODDFiles\EFI 0 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft 0 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot 0 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\bcd 262144 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts 0 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\chs_boot.ttf 3693096 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\cht_boot.ttf 3875804 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\jpn_boot.ttf 1983260 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\kor_boot.ttf 2370392 bytes
File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\wgl4_boot.ttf 46468 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP 0 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot 0 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\bcd 262144 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\boot.sdi 3170304 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\etfsboot.com 2048 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\fonts 0 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\fonts\wgl4_boot.ttf 49752 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\bootmgr 333203 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\sources 0 bytes
File Q:\HDDRecovery\ODDFiles\HDDPREP\sources\boot.wim 118680687 bytes
File Q:\HDDRecovery\ODDFiles\HTMPREP 0 bytes
File Q:\HDDRecovery\ODDFiles\HTMPREP\ReadMe.html 9804 bytes
File Q:\HDDRecovery\ODDFiles\HTMPREP\TOSHIBA.jpg 6751 bytes
File Q:\HDDRecovery\ODDFiles\sources 0 bytes
File Q:\HDDRecovery\ODDFiles\sources\boot.wim 118958836 bytes
File Q:\HDDRecovery\ODDFiles\Tools 0 bytes
File Q:\HDDRecovery\ODDFiles\Tools\crtdll.dll 149019 bytes executable
File Q:\HDDRecovery\ODDFiles\Tools\imagex.exe 481680 bytes executable
File Q:\HDDRecovery\ODDFiles\Tools\Version.txt 26 bytes
File Q:\HDDRecovery\ODDFiles\Tools\vRecoFastCRC.exe 217088 bytes executable
File Q:\HDDRecovery\ODDFiles\Tools\XcludeCRC.ini 661 bytes
File Q:\HDDRecovery\ODDFiles\Tools\zlibwapi.dll 72704 bytes executable
File Q:\HDDRecovery\OriSetenv 0 bytes
File Q:\HDDRecovery\OriSetenv\Setenv.ini 4250 bytes
File Q:\HDDRecovery\ReadMe.html 9804 bytes
File Q:\HDDRecovery\SWImg 0 bytes
File Q:\HDDRecovery\SWImg\12344XR1.crc 4814 bytes
File Q:\HDDRecovery\SWImg\12344XSP.swm 943694294 bytes
File Q:\HDDRecovery\SWImg\12344XSP2.swm 939890616 bytes
File Q:\HDDRecovery\SWImg\12344XSP3.swm 662752018 bytes
File Q:\HDDRecovery\SWImg\12344XSP4.swm 885374214 bytes
File Q:\HDDRecovery\SWImg\12344XSP5.swm 943507560 bytes
File Q:\HDDRecovery\SWImg\12344XSP6.swm 941526050 bytes
File Q:\HDDRecovery\SWImg\12344XSP7.swm 293682013 bytes
File Q:\HDDRecovery\SWImg\12344XV1.crc 14650968 bytes
File Q:\HDDRecovery\TOSHIBA.jpg 6751 bytes
File Q:\System Volume Information 0 bytes
File Q:\System Volume Information\Chkdsk 0 bytes
File Q:\System Volume Information\Chkdsk\Chkdsk20110313152614.log 3072 bytes
File Q:\System Volume Information\tracking.log 20480 bytes
File Q:\System Volume Information\{0e3a90e0-009c-11e0-9565-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 61849600 bytes
File Q:\System Volume Information\{2da53591-4285-11e0-a0c7-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 1174405120 bytes
File Q:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes
File Q:\System Volume Information\{3e167af2-219f-11e0-a5c2-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 5996544 bytes
File Q:\System Volume Information\{d524b85e-f5f8-11df-93e6-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 1591263232 bytes
File Q:\System Volume Information\{e0d36913-1247-11e0-8558-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 92553216 bytes

---- EOF - GMER 1.0.15 ----
[/log]
[log]GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-27 17:30:47
Windows 6.1.7601 Service Pack 1
Running: rhv8ew8d.exe; Driver: C:\Users\GregoR\AppData\Local\Temp\kwlorfow.sys


---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\system32\drivers\1394ohci.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] 1394ohci
Service C:\Program Files\ArcaBit\Common\ArcaConfSV.exe (ArcaBit Config Service/ArcaBit) [AUTO] ABConfSV
Service C:\??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [MANUAL] ABFLT
Service C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe (ArcaBit Main Service/ArcaBit) [AUTO] ABMainSV
Service C:\??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [SYSTEM] ABTDI
Service C:\Windows\system32\drivers\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI
Service C:\Windows\system32\drivers\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi
Service C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx
Service C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci
Service C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [MANUAL] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys (Filtr AGP 440 NT/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [MANUAL] aic78xx
Service C:\Windows\System32\alg.exe (Usługa bramy warstwy aplikacji/Microsoft Corporation) [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide
Service C:\Windows\system32\drivers\amdagp.sys (Filtr AGP AMD NT/Microsoft Corporation) [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys (Sterownik AMD IDE/Microsoft Corporation) [MANUAL] amdide
Service C:\Windows\system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service C:\Windows\system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM
Service C:\Windows\system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata
Service C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows family/AMD Technologies Inc.) [MANUAL] amdsbs
Service C:\Windows\system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
Service C:\Windows\system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AppIDSvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) AppMgmt
Service C:\Windows\system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc
Service C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [AUTO] ArcaRemoteService
Service C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas
Service Aspi32
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\system32\DRIVERS\athr.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] athr
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Audiosrv
Service C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe (Backup Module/ArcaBit) [AUTO] AVBackup
Service C:\Program Files\ArcaBit\Common\ArcaTasksService.exe (Tasks2 Module/ArcaBit) [AUTO] AVTasks2
Service C:\Program Files\ArcaBit\ArcaUpdate\update.exe (Update Module/ArcaBit) [AUTO] AVUpdate
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AxInstSV
Service C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
Service C:\Windows\system32\DRIVERS\b57nd60x.sys (Ujednolicony sterownik karty Broadcom NetXtreme Gigabit Ethernet NDIS6.x./Broadcom Corporation) [MANUAL] b57nd60x
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Program Files\Microsoft\BingBar\BBSvc.EXE (BingBar Service/Microsoft Corporation.) [MANUAL] BBSvc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] BDESVC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] BITS
Service C:\Windows\system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Browser
Service C:\Windows\System32\Drivers\Brserid.sys (Sterownik szeregowy I/F (WDM) firmy Brother/Brother Industries Ltd.) [MANUAL] Brserid
Service C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\DRIVERS\BthEnum.sys (Przedłużenie magistrali Bluetooth/Microsoft Corporation) [MANUAL] BthEnum
Service C:\Windows\system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service C:\Windows\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan
Service C:\Windows\System32\Drivers\BTHport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) [MANUAL] BTHPORT
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] bthserv
Service C:\Windows\System32\Drivers\BTHUSB.sys (Sterownik miniportu Bluetooth/Microsoft Corporation) [MANUAL] BTHUSB
Service C:\Users\GregoR\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] CertPropSvc
Service C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] cfWiMAXService
Service C:\Windows\system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide
Service C:\Windows\System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG
Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\Windows\system32\drivers\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] ConfigFree Service
Service C:\Users\GregoR\AppData\Local\Temp\cpuz.sys [MANUAL] cpuz
Service C:\??\C:\Windows\system32\drivers\cpuz134_x32.sys [AUTO] cpuz134
Service C:\Windows\system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] CryptSvc
Service C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Office Client Virtualization Service /Microsoft Corporation) [AUTO] cvhsvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\ProgramData\DatacardService\DCService.exe [AUTO] DCService.exe
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] defragsvc
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dhcp
Service C:\Windows\System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
Service C:\Windows\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] DPS
Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\System32\Drivers\e4ldr.sys (USB Firmware loader/Analog Deivces) [AUTO] E4LOADER
Service C:\Windows\system32\DRIVERS\e4usbaw.sys (ADSL USB Driver/Analog Devices Inc.) [MANUAL] e4usbaw
Service C:\Windows\system32\drivers\EagleNT.sys [MANUAL] EagleNT
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] EapHost
Service C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS
Service C:\Windows\system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor
Service C:\Windows\system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] eventlog
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] EventSystem
Service (USB NDIS Miniport Driver/Huawei Technologies Co., Ltd.) ewusbnet
Service (USB Modem/Serial Device Driver/Huawei Technologies Co., Ltd.) ew_hwusbdev
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] fdPHost
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service C:\Windows\System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends
Service C:\Windows\system32\DRIVERS\fssfltr.sys (Family Safety Filter Driver (WFP Callout)/Microsoft Corporation) [MANUAL] fssfltr
Service C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation) [MANUAL] fsssvc
Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec
Service C:\Windows\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol
Service C:\Windows\system32\DRIVERS\gagp30kx.sys (Filtr uniwersalny AGPv3.0 firmy Microsoft dla platform procesora K8/9/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] gpsvc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service C:\Windows\system32\drivers\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service C:\Windows\system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
Service C:\Windows\system32\DRIVERS\hidbth.sys (Sterownik Bluetooth Miniport dla urządzeń HID/Microsoft Corporation) [MANUAL] HidBth
Service C:\Windows\system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hidserv
Service C:\Windows\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupListener
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupProvider
Service C:\Windows\system32\drivers\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD
Service C:\Windows\system32\drivers\HTTP.sys (Stos protokołu HTTP/Microsoft Corporation) [MANUAL] HTTP
Service C:\Windows\system32\DRIVERS\ew_jucdcacm.sys (ew_jucdcacm Driver/Huawei Technologies Co., Ltd.) [MANUAL] huawei_cdcacm
Service C:\Windows\system32\DRIVERS\ew_jubusenum.sys (ew_jubusenum Driver/Huawei Technologies Co., Ltd.) [MANUAL] huawei_enumerator
Service hwcdcmdm0
Service C:\Windows\system32\DRIVERS\ewusbmdm.sys (USB Modem/Serial Device Driver/Huawei Technologies Co., Ltd.) [MANUAL] hwdatacard
Service C:\Windows\System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy
Service hwusbapp
Service hwusbdev
Service hwusbser
Service C:\Windows\system32\drivers\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [MANUAL] i8042prt
Service ialm
Service C:\Windows\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [BOOT] iaStor
Service C:\Windows\system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [MANUAL] iaStorV
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service C:\Windows\system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [MANUAL] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] iphlpsvc
Service C:\Windows\system32\drivers\IPMIDrv.sys (STEROWNIK URZĄDZENIA INTERFEJSU IPMI W USŁUDZE WMI/Microsoft Corporation) [MANUAL] IPMIDRV
Service C:\Windows\System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [MANUAL] isapnp
Service C:\Windows\system32\drivers\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service C:\Windows\system32\drivers\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [MANUAL] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys (Sterownik filtru klawiatury HID/Microsoft Corporation) [MANUAL] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\Windows\System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] KtmRm
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] lmhosts
Service C:\Windows\system32\DRIVERS\LPCFilter.sys (LPCFilter/COMPAL ELECTRONIC INC.) [BOOT] LPCFilter
Service Lsa
Service C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC
Service C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS
Service C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2
Service C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (Sterownik filtru wirtualizacji plików LUA/Microsoft Corporation) [AUTO] luafv
Service MAV Client PerfMon Provider
Service C:\Windows\system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7 for x86/LSI Corporation) [MANUAL] megasas
Service C:\Windows\system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [MANUAL] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Menedżer punktów instalacji/Microsoft Corporation) [BOOT] mountmgr
Service C:\Windows\system32\drivers\mpio.sys (Sterownik magistrali obsługujący wiele ścieżek/Microsoft Corporation) [MANUAL] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Moduł specyficzny dla urządzeń firmy Microsoft/Microsoft Corporation) [MANUAL] msdsm
Service C:\Windows\System32\msdtc.exe (Usługa Koordynator transakcji rozproszonych firmy Microsoft/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\Windows\System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf
Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Instalator systemu Windows®/Microsoft Corporation) [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\drivers\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\Windows\system32\DRIVERS\MTConfig.sys (Sterownik urządzenia Microsoft Multi-Touch HID/Microsoft Corporation) [MANUAL] MTConfig
Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys (Sterownik NativeWiFi Miniport/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys (Sterownik NDIS 6.20/Microsoft Corporation) [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap
Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys (Sterownik NDIS I/O trybu użytkownika/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero BackItUp/Nero AG) [AUTO] Nero BackItUp Scheduler 4.0
Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [DISABLED] Netlogon
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] NlaSvc
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (Sterownik systemu plików NT/Microsoft Corporation) [MANUAL] Ntfs
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [MANUAL] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor
Service C:\Windows\system32\drivers\nv_agp.sys (Filtr magistrali AGP NForce NT/Microsoft Corporation) [MANUAL] nv_agp
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\Windows\system32\drivers\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Office Software Protection Platform Service/Microsoft Corporation) [MANUAL] osppsvc
Service Outlook
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\DRIVERS\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service C:\Windows\system32\DRIVERS\pcmcia.sys (Sterownik magistrali PCMCIA/Microsoft Corporation) [MANUAL] pcmcia
Service C:\Windows\System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\system32\DRIVERS\pgeffect.sys (TOSHIBA Universal Camera Filter Driver/TOSHIBA Corporation) [MANUAL] PGEffect
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\System32\Drivers\PortTalk.sys (PortTalk - Beyond Logic I/O Port Driver/Beyond Logic http://www.beyondlogic.org) [MANUAL] PortTalk
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Power
Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\Windows\system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\pacer.sys (Harmonogram pakietów QoS/Microsoft Corporation) [SYSTEM] Psched
Service C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300
Service C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys (Sterownik obsługi usługi Quality Windows Audio/Video Experience (qWave)/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd
Service C:\Windows\system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys (Sterownik podsystemu buforowania przekierowanego dysku/Microsoft Corporation) [SYSTEM] rdbss
Service C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus
Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service C:\Windows\system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP
Service (Sterownik stosu terminalu RDP/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] RemoteRegistry
Service C:\Windows\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe (Lokalizator RPC/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR
Service C:\Windows\system32\DRIVERS\Rt86win7.sys (Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver /Realtek ) [MANUAL] RTL8167
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [SYSTEM] SASDIFSV
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [SYSTEM] SASKUTIL
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SCardSvr
Service C:\Windows\System32\DRIVERS\scfilter.sys (Sterownik filtru czytnika karty inteligentnej Microsoft/Microsoft Corporation) [MANUAL] scfilter
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SDRSVC
Service C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft SeaPort Search Enhancement Broker/Microsoft Corporation) [MANUAL] SeaPort
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\DRIVERS\serial.sys (Sterownik szeregowy I/F (WDM) firmy Brother/Brother Industries Ltd.) [MANUAL] Serial
Service C:\Windows\system32\DRIVERS\sermouse.sys (Sterownik filtru myszy szeregowej/Microsoft Corporation) [MANUAL] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
Service C:\Windows\system32\DRIVERS\Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation) [MANUAL] Sftfs
Service C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Application Virtualization Client Service/Microsoft Corporation) [AUTO] sftlist
Service C:\Windows\system32\DRIVERS\Sftplaylh.sys (Microsoft Application Virtualization SystemGuard/Microsoft Corporation) [MANUAL] Sftplay
Service C:\Windows\system32\DRIVERS\Sftredirlh.sys (Microsoft Application Virtualization SystemGuard/Microsoft Corporation) [MANUAL] Sftredir
Service C:\Windows\system32\DRIVERS\Sftvollh.sys (Microsoft Application Virtualization Volume Manager/Microsoft Corporation) [MANUAL] Sftvol
Service C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Application Virtualization Virtual Service Agent/Microsoft Corporation) [MANUAL] sftvsa
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (Filtr magistrali AGP SIS NT/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2
Service C:\Windows\system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [DISABLED] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe (Usługa platformy ochrony oprogramowania firmy Microsoft/Microsoft Corporation) [AUTO] sppsvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] sppuinotify
Service C:\Windows\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SSDPSRV
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SstpSvc
Service [SYSTEM] StarOpen
Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/StarWind Software) [AUTO] StarWindServiceAE
Service C:\Program [MANUAL] Steam Client Service
Service C:\Windows\system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] StiSvc
Service C:\Windows\system32\drivers\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (SwitchBoard Server (32 bit)/Adobe Systems Incorporated) [MANUAL] SwitchBoard
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] swprv
Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TabletInputService
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TBS
Service C:\Windows\System32\drivers\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service TCPIPTUNNEL
Service C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA ODD Writing Driver for x86./TOSHIBA Corporation.) [MANUAL] tdcmdpst
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba TEMPRO/Toshiba Europe GmbH) [AUTO] TemproMonitoringService
Service C:\Windows\system32\drivers\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TermService
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Themes
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TSS TMachInfo Service/TOSHIBA Corporation) [MANUAL] TMachInfo
Service C:\Windows\system32\TODDSrv.exe (TDCSrv Application/TOSHIBA Corporation) [AUTO] TODDSrv
Service C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Power Saver/TOSHIBA Corporation) [AUTO] TosCoSrv
Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TosSmartSrv.exe/TOSHIBA Corporation) [MANUAL] TOSHIBA HDD SSD Alert Service
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Instalator modułów systemu Windows/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\drivers\tsusbflt.sys (Sterownik filtru koncentratora USB dla usług pulpitu zdalnego/Microsoft Corporation) [MANUAL] TsUsbFlt
Service C:\Windows\system32\DRIVERS\tunnel.sys (Sterownik interfejsu tunelu firmy Microsoft/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver/TOSHIBA Corporation) [BOOT] TVALZ
Service C:\Windows\system32\DRIVERS\uagp35.sys (Filtr AGPv3.5 firmy Microsoft/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Wykrywanie usług interakcyjnych/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (Filtr ULi AGPv3.0 dla platform procesora K8/9/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] upnphost
Service C:\Windows\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
Service C:\Windows\system32\drivers\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\drivers\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\Windows\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] UxSms
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc
Service C:\Windows\system32\drivers\vdrvroot.sys (Główny moduł wyliczający dysku wirtualnego/Microsoft Corporation) [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe (Usługa dysków wirtualnych/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp
Service C:\Windows\system32\drivers\viaagp.sys (Filtr magistrali AGP VIA NT/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\DRIVERS\viac7.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide
Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys (Sterownik rozszerzenia menedżera woluminów/Microsoft Corporation) [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] volsnap
Service C:\Windows\system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid
Service C:\Windows\system32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\DRIVERS\vwifibus.sys (Sterownik wirtualnej magistrali WiFi/Microsoft Corporation) [MANUAL] vwifibus
Service C:\Windows\system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] W32Time
Service W3SVC
Service C:\Windows\system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe (Plik EXE usługi Aparat kopii zapasowej na poziomie bloku firmy Microsoft®/Microsoft Corporation) [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WbioSrvc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WcsPlugInService
Service C:\Windows\system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WerSvc
Service C:\Windows\system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\DRIVERS\WinUsb.sys (Windows USB Class Driver BETA/Microsoft Corporation) [MANUAL] WinUsb
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Wlansvc
Service C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Windows Live Mesh Remote Desktop Service/Microsoft Corporation) [DISABLED] wlcrasvc
Service C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft® Windows Live ID Service/Microsoft Corp.) [AUTO] wlidsvc
Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys (Warstwa Winsock2 IFS/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Indeksator programu Microsoft Windows Search/Microsoft Corporation) [DISABLED] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wuauserv
Service C:\Windows\system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WwanSvc
Service xmlprov
Service {1C09ED2E-BEB6-42ED-8CEF-35FB574A56F9}
Service {421437D5-0F6E-4F66-8991-6361227C2BBE}
Service {AB79FB7B-1B28-4E86-A144-705D74736022}
Service {B78514DA-6175-4B4D-81A0-2F205D2BB38D}
Service {E9A9F061-1CE0-4873-B831-38EC778A3245}

---- EOF - GMER 1.0.15 ----
[/log]

wirusolog

Post the full set of logs: [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL and RSIT[/u][/color][/b][/url] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/u][/color][/b][/url].

grzalu123

The full set of logs you asked for has been added.

wirusolog

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom Scans/Fixes) box:

[code]:OTL
MsConfig - StartUpReg: TosNC - hkey= - key= - File not found
MsConfig - StartUpReg: TosReelTimeMonitor - hkey= - key= - File not found

:Files
C:\Users\GregoR\AppData\Local\Temp*.html

:Commands
[emptyflash]
[emptytemp][/code]
Click [b]Wykonaj skrypt[/b] (Run Fix). Confirm the computer restart.

[b]2.[/b] In the Control Panel ([b]Add or Remove Programs[/b]), uninstall the junk programs: [b]Softonic-Polska / Conduit Ltd., ConduitEngine[/b]

[b]3.[/b] Download [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/u][/color][/b][/url] and click [b]Clean[/b] in it.
Post the report from this tool.

[b]4.[/b] Then run OTL again, this time using the [b]Skanuj[/b] (Run Scan) option. Post the new OTL logs + the removal report.

grzalu123

I did everything you told me to; here are the new logs:

[log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:51:04 on 27/06/2011, Normal boot

Microsoft Windows 7 Starter Service Pack 1 (X86)
GregoR@GREGOR-TOSHIBA (TOSHIBA TOSHIBA NB250)

============== ACTION(S) ==============


Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\Users\GregoR\AppData\LocalLow\PriceGong

(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2530240
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key deleted: HKCU\Software\AppDataLow\Software\Toolbar
Key deleted: HKLM\Software\GMABooster\OpenCandy
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (pl)] ****

Plugins\npBitCometAgent.dll (BitComet)
Plugins\npwachk.dll (Nullsoft, Inc.)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
Extensions\arcabit@www.arcabit.pl (ArcaBit Ext.)

-- C:\Users\GregoR\AppData\Roaming\Mozilla\FireFox\Profiles\9tb51cpr.default --
Prefs.js - browser.download.lastDir, C:\\Users\\GregoR\\Desktop
Prefs.js - browser.startup.homepage, google.pl
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Google Chrome Version [12.0.742.100] ****


-- C:\Users\GregoR\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.pl/
Preferences - homepage_is_newtabpage: true
Plugin - BitCometAgent (Enabled: true) (C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npBitCometAgent.dll)
Plugin - Windows Live\u0099 Photo Gallery (Enabled: true) (C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Windows Live\u0099 Photo Gallery" (Enabled: true)
Plugin - "BitCometAgent" (Enabled: true)
Plugin - "Winamp Application Detector" (Enabled: true)

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (x)
HKCU_SearchScopes\{3E257421-DAF6-475A-806F-E2E1F6168614} - "Amazon" (hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-w...)
HKCU_SearchScopes\{3FDA090A-A8F2-469A-8E8B-07001D306484} - "eBay" (hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms})
HKCU_SearchScopes\{7D9D9E73-66B3-4309-836E-554B17C971A7} - "?" (?)
HKCU_Toolbar\WebBrowser|{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} (x)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438} - "ArcaVir >>" (C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll,203)
HKLM_Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - "BitComet" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll,203)
BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 31 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 27/06/2011 20:51:12 (5553 Byte(s))

End at: 20:53:36, 27/06/2011

============== E.O.F ==============
[/log]

[log]All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TosNC\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TosReelTimeMonitor\ deleted successfully.
========== FILES ==========
C:\Users\GregoR\AppData\Local\TempaD4636.html moved successfully.
C:\Users\GregoR\AppData\Local\TempAqA984.html moved successfully.
C:\Users\GregoR\AppData\Local\TempBB4284.html moved successfully.
C:\Users\GregoR\AppData\Local\TempBd1108.html moved successfully.
C:\Users\GregoR\AppData\Local\TempBV5452.html moved successfully.
C:\Users\GregoR\AppData\Local\TempBx5864.html moved successfully.
C:\Users\GregoR\AppData\Local\TempcM5452.html moved successfully.
C:\Users\GregoR\AppData\Local\TempcO4772.html moved successfully.
C:\Users\GregoR\AppData\Local\TempCt4684.html moved successfully.
C:\Users\GregoR\AppData\Local\TempCW2944.html moved successfully.
C:\Users\GregoR\AppData\Local\TempcY6028.html moved successfully.
C:\Users\GregoR\AppData\Local\TempCzw512.html moved successfully.
C:\Users\GregoR\AppData\Local\TempDE2640.html moved successfully.
C:\Users\GregoR\AppData\Local\TempDs4636.html moved successfully.
C:\Users\GregoR\AppData\Local\TempdT2924.html moved successfully.
C:\Users\GregoR\AppData\Local\TempDTI700.html moved successfully.
C:\Users\GregoR\AppData\Local\TempDV4352.html moved successfully.
C:\Users\GregoR\AppData\Local\TempDW3688.html moved successfully.
C:\Users\GregoR\AppData\Local\TempEB5864.html moved successfully.
C:\Users\GregoR\AppData\Local\Temped3324.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempee4736.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempei4560.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempel1632.html moved successfully.
C:\Users\GregoR\AppData\Local\TempFD2736.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempfe6036.html moved successfully.
C:\Users\GregoR\AppData\Local\TempFi4648.html moved successfully.
C:\Users\GregoR\AppData\Local\TempFK4932.html moved successfully.
C:\Users\GregoR\AppData\Local\TempFL4788.html moved successfully.
C:\Users\GregoR\AppData\Local\TempFO4352.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempfo4784.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempgg1544.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempgi1336.html moved successfully.
C:\Users\GregoR\AppData\Local\TempGI5892.html moved successfully.
C:\Users\GregoR\AppData\Local\TempGM1136.html moved successfully.
C:\Users\GregoR\AppData\Local\TempGn3404.html moved successfully.
C:\Users\GregoR\AppData\Local\TempGRw892.html moved successfully.
C:\Users\GregoR\AppData\Local\TempgS5552.html moved successfully.
C:\Users\GregoR\AppData\Local\TempGy2576.html moved successfully.
C:\Users\GregoR\AppData\Local\TemphC3204.html moved successfully.
C:\Users\GregoR\AppData\Local\TemphO2852.html moved successfully.
C:\Users\GregoR\AppData\Local\TempHY1632.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempia1108.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempin3264.html moved successfully.
C:\Users\GregoR\AppData\Local\TempIO1984.html moved successfully.
C:\Users\GregoR\AppData\Local\TempIoh504.html moved successfully.
C:\Users\GregoR\AppData\Local\TempiZ3028.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempjc1584.html moved successfully.
C:\Users\GregoR\AppData\Local\TempJD3416.html moved successfully.
C:\Users\GregoR\AppData\Local\TempjM6084.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempjn3588.html moved successfully.
C:\Users\GregoR\AppData\Local\TempkR5540.html moved successfully.
C:\Users\GregoR\AppData\Local\TempLA5904.html moved successfully.
C:\Users\GregoR\AppData\Local\Templl5132.html moved successfully.
C:\Users\GregoR\AppData\Local\TemplY1012.html moved successfully.
C:\Users\GregoR\AppData\Local\TempMl4560.html moved successfully.
C:\Users\GregoR\AppData\Local\TempMr1752.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempnc3688.html moved successfully.
C:\Users\GregoR\AppData\Local\TempNE5904.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempnf2576.html moved successfully.
C:\Users\GregoR\AppData\Local\TempNt1308.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempoj5152.html moved successfully.
C:\Users\GregoR\AppData\Local\TempOo1632.html moved successfully.
C:\Users\GregoR\AppData\Local\TempoV5152.html moved successfully.
C:\Users\GregoR\AppData\Local\TempoY1424.html moved successfully.
C:\Users\GregoR\AppData\Local\TempOY4020.html moved successfully.
C:\Users\GregoR\AppData\Local\TempPI5552.html moved successfully.
C:\Users\GregoR\AppData\Local\TempPl1544.html moved successfully.
C:\Users\GregoR\AppData\Local\Temppq3748.html moved successfully.
C:\Users\GregoR\AppData\Local\Temppw1112.html moved successfully.
C:\Users\GregoR\AppData\Local\TempQA3696.html moved successfully.
C:\Users\GregoR\AppData\Local\TempQd4920.html moved successfully.
C:\Users\GregoR\AppData\Local\TemprH2388.html moved successfully.
C:\Users\GregoR\AppData\Local\Temprk4176.html moved successfully.
C:\Users\GregoR\AppData\Local\Temprk5132.html moved successfully.
C:\Users\GregoR\AppData\Local\TempRL3096.html moved successfully.
C:\Users\GregoR\AppData\Local\TempRV4552.html moved successfully.
C:\Users\GregoR\AppData\Local\TemprX4548.html moved successfully.
C:\Users\GregoR\AppData\Local\TempRZ3696.html moved successfully.
C:\Users\GregoR\AppData\Local\TempSe3028.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempsf3096.html moved successfully.
C:\Users\GregoR\AppData\Local\TempsK3404.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempsk6024.html moved successfully.
C:\Users\GregoR\AppData\Local\TempSS6084.html moved successfully.
C:\Users\GregoR\AppData\Local\TempTH1584.html moved successfully.
C:\Users\GregoR\AppData\Local\TempTq1044.html moved successfully.
C:\Users\GregoR\AppData\Local\TempuA3784.html moved successfully.
C:\Users\GregoR\AppData\Local\TempuC1728.html moved successfully.
C:\Users\GregoR\AppData\Local\TempUG1012.html moved successfully.
C:\Users\GregoR\AppData\Local\TempUM3924.html moved successfully.
C:\Users\GregoR\AppData\Local\TempuU2388.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempvc1424.html moved successfully.
C:\Users\GregoR\AppData\Local\TempVP4648.html moved successfully.
C:\Users\GregoR\AppData\Local\TempWa1652.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempwa4944.html moved successfully.
C:\Users\GregoR\AppData\Local\TempWm3784.html moved successfully.
C:\Users\GregoR\AppData\Local\TempWo1044.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempwr3924.html moved successfully.
C:\Users\GregoR\AppData\Local\TempWW4280.html moved successfully.
C:\Users\GregoR\AppData\Local\TempxN4028.html moved successfully.
C:\Users\GregoR\AppData\Local\TempxO3896.html moved successfully.
C:\Users\GregoR\AppData\Local\TempxY3264.html moved successfully.
C:\Users\GregoR\AppData\Local\TempxZ1136.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempyp1640.html moved successfully.
C:\Users\GregoR\AppData\Local\TempYp2680.html moved successfully.
C:\Users\GregoR\AppData\Local\Tempyt4552.html moved successfully.
C:\Users\GregoR\AppData\Local\TempzG1640.html moved successfully.
C:\Users\GregoR\AppData\Local\TempZH2944.html moved successfully.
C:\Users\GregoR\AppData\Local\TempZU5408.html moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: GregoR
->Flash cache emptied: 834 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GregoR
->Temp folder emptied: 7768 bytes
->Temporary Internet Files folder emptied: 475270 bytes
->Java cache emptied: 1443254 bytes
->FireFox cache emptied: 66477656 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06272011_204256

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/log]
[log]OTL logfile created on: 2011-06-27 21:14:49 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,72% Memory free
3,99 Gb Paging File | 2,98 Gb Available in Paging File | 74,82% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 5,54 Gb Free Space | 7,44% Space Free | Partition Type: NTFS
Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS

Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe
PRC - [2011-06-26 21:36:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-06-16 22:23:05 | 000,494,160 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
PRC - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe
PRC - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe
PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe
PRC - [2011-04-27 20:29:10 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe
PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe
PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2010-11-20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
PRC - [2010-10-24 20:20:18 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2010-10-24 20:20:18 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2010-10-24 20:20:16 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2010-10-24 20:20:16 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2010-10-24 20:20:16 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010-09-21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe
PRC - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010-04-13 17:25:00 | 008,555,040 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010-04-13 17:24:58 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010-03-25 13:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010-03-10 18:49:06 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2010-03-10 18:49:04 | 001,697,064 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2010-02-28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010-02-22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010-02-05 17:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-12-31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe
PRC - [2009-12-25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009-11-05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009-08-13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009-07-28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008-10-25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe
MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010-11-20 14:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2010-11-20 14:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe -- (ABConfSV)
SRV - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV - [2011-04-24 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-03-29 20:27:22 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup)
SRV - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2)
SRV - [2011-02-28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
SRV - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe)
SRV - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009-10-06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-03-05 23:13:53 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
DRV - [2011-02-13 00:10:25 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-10-26 14:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-04-24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010-04-24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010-04-24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010-04-24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-04-09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2010-04-09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-03-25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-03-12 11:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-11-06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009-07-30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-06-22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-01-18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk)
DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-26 21:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-14 16:41:09 | 000,000,000 | ---D | M]

[2011-03-22 23:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Extensions
[2011-05-24 16:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Firefox\Profiles\9tb51cpr.default\extensions
[2011-04-25 13:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-24 22:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-04-25 13:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl
File not found (No name found) --
() (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-06-26 21:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-06-27 15:36:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]NBAgent[/b] - hkey= - key= - c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: [b]SUPERAntiSpyware[/b] - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Toshiba Registration[/b] - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: [b]Toshiba TEMPRO[/b] - hkey= - key= - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: [b]ToshibaServiceStation[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: [b]TosVolRegulator[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: [b]TWebCamera[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-06-27 20:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011-06-27 20:42:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-06-27 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-06-27 16:36:20 | 000,000,000 | ---D | C] -- C:\rsit
[2011-06-27 15:41:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-06-27 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\temp
[2011-06-27 15:35:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-06-27 15:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-06-27 15:17:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-06-27 15:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-06-27 15:16:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-06-27 15:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-27 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\RGE
[2011-06-27 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarterBackgroundChanger
[2011-06-27 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\Apple Computer
[2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple Computer
[2011-06-14 16:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-06-14 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-06-14 16:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-06-14 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011-06-14 16:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-06-14 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple
[2011-06-14 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-06-14 16:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-06-09 18:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-06-07 19:22:19 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{DAC5946F-369C-485B-A88B-4694B723F4DD}
[2011-06-01 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Disco Polo
[2011-06-01 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\muzyyka
[2011-06-01 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\U3
[2011-05-31 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Arena Wysoka
[2011-05-31 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Muza Od Rafała
[2011-05-30 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\CyberLink
[2011-05-30 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\CyberLink
[2011-05-30 14:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011-05-30 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011-05-30 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011-05-26 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
[2011-05-26 15:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena
[2011-05-26 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
[2011-05-26 14:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
[2011-05-23 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\blueconnect
[2011-05-20 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\178
[2011-05-17 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{5FD28280-6D76-4821-AE2D-F1515299904D}
[2011-05-17 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{3495CC1B-D975-45D7-B3E8-E2D141E75797}
[2011-05-16 18:46:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\Notesy programu OneNote
[2011-05-16 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{4B0ED46E-60AF-44CC-9E70-0F3B7AE14376}
[2011-05-13 15:10:01 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{D95E359E-926A-4274-9350-293317FBEB5E}
[2011-05-13 07:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011-05-13 07:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011-05-12 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Energy_Mix_-_Volume_24_2011
[2011-05-10 22:40:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
[2011-05-10 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\NetMeter
[2011-05-08 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011-05-04 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\AIMP
[2011-05-04 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2
[2011-05-04 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2
[2011-05-04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2_PL
[2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0
[2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\.thumbnails
[2011-05-04 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011-05-04 16:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011-05-04 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Mp3

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-06-27 21:21:06 | 003,670,016 | -HS- | M] () -- C:\Users\GregoR\NTUSER.DAT
[2011-06-27 21:02:27 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-27 21:02:27 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-27 20:57:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job
[2011-06-27 20:54:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-06-27 20:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-27 20:54:45 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-27 20:54:00 | 005,586,367 | -H-- | M] () -- C:\Users\GregoR\AppData\Local\IconCache.db
[2011-06-27 20:51:02 | 000,001,804 | ---- | M] () -- C:\Users\GregoR\Desktop\AD-R.lnk
[2011-06-27 15:36:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011-06-27 15:36:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-06-27 13:43:11 | 001,559,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-06-27 13:43:11 | 000,701,704 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-06-27 13:43:11 | 000,619,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-27 13:43:11 | 000,136,432 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-06-27 13:43:11 | 000,107,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-27 13:05:12 | 000,000,017 | ---- | M] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg
[2011-06-27 12:13:14 | 000,013,812 | ---- | M] () -- C:\Windows\System32\results.xml
[2011-06-25 22:57:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job
[2011-06-14 16:43:45 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-06-14 16:40:49 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-06-09 07:43:46 | 000,000,855 | ---- | M] () -- C:\Users\GregoR\.recently-used.xbel
[2011-06-09 07:37:31 | 000,135,624 | ---- | M] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png
[2011-06-05 13:19:53 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011-05-31 08:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011-05-30 14:26:44 | 000,000,000 | ---- | M] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList
[2011-05-30 14:25:21 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011-05-26 18:05:52 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2011-05-26 15:54:31 | 000,000,952 | ---- | M] () -- C:\Windows\QIII.INI
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-05-26 07:37:35 | 000,000,099 | ---- | M] () -- C:\Users\GregoR\Desktop\Bass-party.pls
[2011-05-26 07:34:29 | 000,000,071 | ---- | M] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u
[2011-05-25 14:59:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011-05-25 09:56:55 | 000,006,503 | ---- | M] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0
[2011-05-20 10:35:56 | 000,029,334 | ---- | M] () -- C:\Users\GregoR\Desktop\Sygna.jpg
[2011-05-13 07:00:15 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011-05-12 21:14:10 | 134,231,803 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3
[2011-05-12 21:12:30 | 127,388,193 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3
[2011-05-12 21:09:42 | 074,673,508 | ---- | M] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3
[2011-05-04 20:39:12 | 000,111,224 | ---- | M] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT
[2011-05-04 19:20:43 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011-05-04 17:46:34 | 003,771,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-05-04 17:44:34 | 000,001,322 | ---- | M] () -- C:\Users\GregoR\Desktop\metin2.lnk
[2011-05-04 16:02:24 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-06-27 20:51:02 | 000,001,804 | ---- | C] () -- C:\Users\GregoR\Desktop\AD-R.lnk
[2011-06-27 15:17:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-06-27 15:17:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-06-27 15:17:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-06-27 15:17:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-06-27 15:17:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-27 13:05:12 | 000,000,017 | ---- | C] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg
[2011-06-14 16:43:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-06-14 16:40:49 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-06-14 16:39:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-06-09 07:43:46 | 000,000,855 | ---- | C] () -- C:\Users\GregoR\.recently-used.xbel
[2011-06-09 07:37:22 | 000,135,624 | ---- | C] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png
[2011-06-05 13:19:53 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011-05-31 08:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011-05-30 14:26:44 | 000,000,000 | ---- | C] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList
[2011-05-30 14:25:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\PowerDVD.lnk
[2011-05-26 18:05:52 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2011-05-26 14:41:34 | 000,000,952 | ---- | C] () -- C:\Windows\QIII.INI
[2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011-05-26 07:37:28 | 000,000,099 | ---- | C] () -- C:\Users\GregoR\Desktop\Bass-party.pls
[2011-05-26 07:34:27 | 000,000,071 | ---- | C] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u
[2011-05-25 14:59:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011-05-25 09:56:55 | 000,006,503 | ---- | C] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0
[2011-05-20 10:28:11 | 000,029,334 | ---- | C] () -- C:\Users\GregoR\Desktop\Sygna.jpg
[2011-05-13 07:00:15 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011-05-12 21:01:47 | 074,673,508 | ---- | C] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3
[2011-05-12 21:01:23 | 134,231,803 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3
[2011-05-12 21:00:45 | 127,388,193 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3
[2011-05-04 19:20:39 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk
[2011-05-04 17:44:34 | 000,001,322 | ---- | C] () -- C:\Users\GregoR\Desktop\metin2.lnk
[2011-05-04 16:02:24 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011-02-27 19:38:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011-02-27 19:28:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011-02-24 13:23:43 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011-02-17 08:46:01 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011-01-30 14:48:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-30 14:48:00 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-01-30 14:48:00 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2011-01-30 14:47:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-12-18 20:08:07 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010-12-04 12:35:23 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-11-28 13:29:36 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini
[2010-11-28 13:29:36 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2010-11-28 13:29:04 | 000,001,094 | ---- | C] () -- C:\Windows\adiras.ini
[2010-11-28 13:29:03 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe
[2010-11-28 13:29:03 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe
[2010-11-28 13:29:00 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE
[2010-11-28 13:28:51 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN
[2010-11-28 13:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe
[2010-11-28 13:28:45 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN
[2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN
[2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN
[2010-11-28 13:28:38 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN
[2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN
[2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN
[2010-11-28 13:28:37 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN
[2010-11-28 13:28:37 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN
[2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN
[2010-11-20 16:21:33 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-11-20 16:21:33 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010-11-20 14:09:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-11-20 13:51:38 | 005,586,367 | -H-- | C] () -- C:\Users\GregoR\AppData\Local\IconCache.db
[2010-11-20 13:41:28 | 000,111,224 | ---- | C] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-09-25 20:07:48 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010-09-25 19:44:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2010-09-25 19:41:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010-09-25 19:34:49 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010-09-25 19:34:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010-05-20 14:11:01 | 001,559,892 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-14 10:07:57 | 000,701,704 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,136,432 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 003,771,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,619,356 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,107,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 04:04:23 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 04:04:23 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-06-07 07:11:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\AIMP
[2011-05-30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\BitComet
[2011-05-23 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\blueconnect
[2011-02-24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\COWON
[2010-12-04 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\DAEMON Tools Lite
[2011-04-15 06:35:58 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\FOG Downloader
[2010-11-20 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Gadu-Gadu 10
[2011-06-09 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0
[2011-03-26 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\IObit
[2011-02-17 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\ipla
[2010-11-21 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\MargonemMapki
[2011-05-10 22:35:12 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\NetMeter
[2010-11-20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\OpenFM
[2011-01-22 22:15:34 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\PhotoFiltre
[2010-11-20 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RDRM
[2011-06-27 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RGE
[2011-02-27 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Samsung
[2010-12-23 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\SoftGrid Client
[2010-11-30 19:57:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010-12-11 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Tibia
[2010-11-20 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Toshiba
[2010-11-21 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TP
[2010-12-17 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TS3Client
[2011-03-13 23:46:03 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TuneUp Software
[2010-12-11 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\WinBatch
[2011-04-01 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Windows Live Writer
[2011-06-21 13:22:52 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011-06-27 15:40:53 | 000,025,851 | ---- | M] () -- C:\ComboFix.txt
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-06-27 20:54:45 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-06-27 20:54:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-09-25 19:35:55 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log
[2010-06-25 07:15:15 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\ERDNT\cache\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >
[/log]
[log]OTL Extras logfile created on: 2011-06-27 21:14:49 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,72% Memory free
3,99 Gb Paging File | 2,98 Gb Available in Paging File | 74,82% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 5,54 Gb Free Space | 7,44% Space Free | Partition Type: NTFS
Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS

Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03}" = Windows Live Family Safety
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{9FE65E62-D027-47F7-B32D-8CAC60026D75}" = ArcaVir
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a6f85984-f0c1-42f1-95a5-3d8f9bdace2d}" = Nero 9 Essentials
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ad-Remover" = Ad-Remover par C_XX
"AIMP2" = AIMP2
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"BitComet" = BitComet 1.25
"blueconnect" = blueconnect
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadu-Gadu 10" = Gadu-Gadu 10
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ipla" = ipla 2.2.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"Picasa 3" = Picasa 3
"Quake III Arena" = Quake III Arena
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Speccy" = Speccy
"StarterBackgroundChanger" = StarterBackgroundChanger
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tibia_is1" = Tibia
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-06-02 06:05:34 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku
zasad "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu
3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu
"version" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-06-02 06:05:49 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster
aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program
files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu
"language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2011-06-02 11:20:39 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 13
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 8193
Description =

Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = System Restore | ID = 8193
Description =

Error - 2011-06-05 05:39:08 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-05 05:42:32 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-05 05:42:33 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227
Description =

Error - 2011-06-06 15:50:41 | Computer Name = GregoR-TOSHIBA | Source = DUMeterSvc | ID = 1
Description =

[ OSession Events ]
Error - 2011-02-18 02:03:55 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1233
seconds with 720 seconds of active time. This session ended with a crash.

Error - 2011-02-18 02:14:25 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 567
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-06-27 14:44:21 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058

Error - 2011-06-27 14:46:36 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-06-27 14:46:38 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011-06-27 14:54:43 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-06-27 14:54:48 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-06-27 14:54:51 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058

Error - 2011-06-27 14:55:21 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-06-27 14:55:22 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2011-06-27 14:55:33 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2011-06-27 14:55:36 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >
[/log]


I also wanted to ask how to change the look of the Start bar in this Windows 7 Starter, because I have had a problem with it for a long time: it looks like the one in Windows 95 or 98 (gray). I tried via "Change color scheme", but the proper one from this Windows is not there. There are only some high-contrast ones. Is there a safe program that would change the look of this bar? As you can see, I can't manage to change it to the ORIGINAL WINDOWS one.

wirusolog
comment

A small fix remains, and then the final steps.

[hr]

[b]1.[/b] Run OTL and paste the following text into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania/Skrypt) window:

[code]:OTL
O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found.
[2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl
File not found (No name found) --
() (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found
[/code]
Click [b]Run Fix[/b] (Wykonaj Skrypt).

[b]2.[/b] In OTL, press the [b]CleanUp[/b] (Sprzątanie) button.

[b]3.[/b] Run Ad-Remover and press [b]UNINSTALL[/b].

[b]4.[/b] Uninstall ComboFix properly:
Start>>>Run>>>type this in:
[b]"c:\users\GregoR\Downloads\ComboFix.exe" /uninstall[/b]
press ENTER. ComboFix will be uninstalled.

[b]5.[/b] Security updates:
[quote]
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish
[/quote]
[url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][b][color="#0000FF"]Java 6 Update 26[/color][/b][/url] / [url="http://get.adobe.com/reader/"][color="#0000FF"][b]Adobe Reader X (10.1)[/b][/color][/url] / [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.26[/b][/color][/url] / you can update the codecs to version [url=http://www.dobreprogramy.pl/KLite-Codec-Pack,Program,Windows,13137.html][b][color=blue][u]7.20[/u][/color][/b][/url] / and Skype to version [url=http://www.dobreprogramy.pl/Skype,Program,Windows,13018.html][b][color=blue][u]5.3[/u][/color][/b][/url]

[b]6.[/b] Clean the System Restore points: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/u][/color][/b][/url]

[b]7.[/b] I recommend a [b]full scan[/b] with [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/u][/color][/b][/url] (after installing, update the virus database manually, remove whatever it finds, and paste the final report).

  • Good post 1
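Step 5 of the post above picks outdated programs out of the OTL Uninstall List by eye. The same check as an added Python example (not part of the original post and not OTL's own code): the sample lines are copied from the log on this page, the baseline versions are the ones the helper recommends, and the rule table, function names and status names are assumptions of the example.

```python
import re

# OTL section headers look like "========== <title> ==========", here wrapped in BBCode.
SECTION = re.compile(r"={10} (?P<title>.+?) ={10}")
# Uninstall entries look like: "<registry key name>" = <display name>
ENTRY = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.+)$')
VER = r"(\d+(?:\.\d+)*)"

# (label, pattern over the display name, fixed version prefix, recommended minimum).
# Minimums come from step 5 of the post; components are compared numerically as written there.
RULES = [
    ("Java 6", re.compile(r"^Java(?:\(TM\)|™) 6 Update (\d+)$"), (6,), (6, 26)),
    ("Adobe Reader", re.compile(r"^Adobe Reader " + VER), (), (10, 1)),
    ("Adobe Flash Player", re.compile(r"^Adobe Flash Player " + VER), (), (10, 3, 181, 26)),
    ("K-Lite Codec Pack", re.compile(r"^K-Lite Codec Pack " + VER), (), (7, 20)),
    ("Skype", re.compile(r"^Skype(?:\(TM\)|™)? " + VER), (), (5, 3)),
]

# Excerpt assembled for this example from lines of the log shown on this page.
SAMPLE_LOG = r'''
[color=#E56717]========== Security Center Settings ==========[/color]
"AntiVirusDisableNotify" = 0
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl)
'''


def uninstall_entries(log_text):
    """Yield (key, display name) only for lines inside an 'Uninstall List' section."""
    in_section = False
    for line in log_text.splitlines():
        header = SECTION.search(line)
        if header:
            in_section = "Uninstall List" in header.group("title")
            continue
        entry = ENTRY.match(line.strip())
        if in_section and entry:
            yield entry.group("key"), entry.group("name")


def classify(installed, minimum):
    """Compare version tuples; a display name that only carries a leading part
    of the minimum (e.g. '10' against 10.3.181.26) cannot be decided from the log."""
    if len(installed) < len(minimum) and installed == minimum[:len(installed)]:
        return "unverified"
    return "outdated" if installed < minimum else "ok"


def audit(log_text):
    """Return (label, display name, status) for every entry a rule recognises."""
    findings = []
    for _key, name in uninstall_entries(log_text):
        for label, pattern, prefix, minimum in RULES:
            match = pattern.search(name)
            if match:
                parts = tuple(int(p) for p in match.group(1).split("."))
                findings.append((label, name, classify(prefix + parts, minimum)))
                break
    return findings


if __name__ == "__main__":
    for label, name, status in audit(SAMPLE_LOG):
        print(f"{status:10} {label:20} {name}")
```

An "unverified" result means the Uninstall List entry does not carry the full version, so the installed build has to be checked in the program itself.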
grzalu123
comment (edited)

All the indicated steps have been carried out; here are the new logs:

[log]========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}\ not found.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\ not found.

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_110639
[/log]
[log]Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Wersja bazy: 6966

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011-06-28 13:38:40
mbam-log-2011-06-28 (13-38-40).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|Q:\|)
Przeskanowano obiektów: 291970
Upłynęło: 2 godzin(y), 6 minut(y), 35 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]

Now I think the only thing left is the problem I wrote about earlier: the old look of the Start bar and being unable to change it to the original Windows 7 look (blue). Mine is gray and drab :(

@edit

Can I remove this antivirus now? It is a trial version.

wirusolog
comment

Which antivirus? What do you mean?
As for your problem - this is not the right section; @[b]Moderator[/b] should move the thread to another section.

  • Good post 1
grzalu123
comment

I mean, when I wrote antivirus I meant this little program: MBAM. Can I uninstall it? Oh, one more thing: thanks for the help, a + goes to you.

wirusolog
comment

Why uninstall it? It is a very good scanner; it is worth scanning with it once a week!

grzalu123
comment

OK, I will scan with it whenever I can. And tell me, if you can, in which section I can post a thread about this Start bar?
Thanks again for the help!!!

wirusolog
comment

In the [url=http://www.forumpc.pl/index.php?showforum=164][b][color=blue][u]Windows 7[/u][/color][/b][/url] section.
