grzalu123 utworzono 27 czerwca 2011 utworzono 27 czerwca 2011 (edytowane) Proszę o sprawdzenie logów z combofix'a, gdyż ostatnimi czasy bardzo mi zwolnił system: [url="http://wklej.org/id/553508/"]LOG KLIK[/url] [log]OTL logfile created on: 2011-06-27 16:12:01 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,41% Memory free 3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,89% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 5,63 Gb Free Space | 7,55% Space Free | Partition Type: NTFS Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe PRC - [2011-06-26 21:36:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-06-16 22:23:05 | 000,494,160 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe PRC - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe PRC - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe PRC - [2011-04-27 20:29:10 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe PRC - [2010-11-20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2010-11-20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-11-20 14:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe PRC - [2010-10-24 20:20:18 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-10-24 20:20:18 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-10-24 20:20:16 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-10-24 20:20:16 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-10-24 20:20:16 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe PRC - [2010-09-21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010-09-21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe PRC - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010-04-13 17:25:00 | 008,555,040 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010-04-13 17:24:58 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010-03-25 13:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2010-03-10 18:49:06 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2010-03-10 18:49:04 | 001,697,064 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2010-02-28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2010-02-22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe PRC - [2010-02-05 17:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe PRC - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe PRC - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009-12-31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe PRC - [2009-12-25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2009-11-05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2009-08-13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe PRC - [2009-07-28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008-10-25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010-11-20 14:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2010-11-20 14:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService) SRV - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe -- (ABConfSV) SRV - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV) SRV - [2011-04-24 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-03-29 20:27:22 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup) SRV - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2) SRV - [2011-02-28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate) SRV - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe) SRV - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService) SRV - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009-10-06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-03-05 23:13:53 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT) DRV - [2011-02-13 00:10:25 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-10-26 14:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI) DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010-04-24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010-04-24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010-04-24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010-04-24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010-04-09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010-04-09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-03-25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-03-12 11:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009-11-06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-07-30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) DRV - [2009-07-30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2009-07-14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009-06-22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect) DRV - [2009-01-18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk) DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240 IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-26 21:36:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-14 16:41:09 | 000,000,000 | ---D | M] [2011-03-22 23:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Extensions [2011-05-24 16:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Firefox\Profiles\9tb51cpr.default\extensions [2011-04-25 13:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-04-24 22:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-04-25 13:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl File not found (No name found) -- () (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011-06-26 21:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-27 15:36:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: [b]NBAgent[/b] - hkey= - key= - c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: [b]SUPERAntiSpyware[/b] - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Toshiba Registration[/b] - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) MsConfig - StartUpReg: [b]Toshiba TEMPRO[/b] - hkey= - key= - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) MsConfig - StartUpReg: [b]ToshibaServiceStation[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) MsConfig - StartUpReg: [b]TosNC[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TosReelTimeMonitor[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TosVolRegulator[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) MsConfig - StartUpReg: [b]TWebCamera[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-27 15:41:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-06-27 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\temp [2011-06-27 15:35:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-06-27 15:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-06-27 15:17:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-06-27 15:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-06-27 15:16:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-06-27 15:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-06-27 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\RGE [2011-06-27 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarterBackgroundChanger [2011-06-27 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\Apple Computer [2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple Computer [2011-06-14 16:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011-06-14 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-14 16:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011-06-14 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011-06-14 16:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011-06-14 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple [2011-06-14 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-06-14 16:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-06-09 18:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-06-07 19:22:19 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{DAC5946F-369C-485B-A88B-4694B723F4DD} [2011-06-01 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Disco Polo [2011-06-01 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\muzyyka [2011-06-01 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\U3 [2011-05-31 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Arena Wysoka [2011-05-31 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Muza Od Rafała [2011-05-30 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\CyberLink [2011-05-30 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\CyberLink [2011-05-30 14:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011-05-30 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2011-05-30 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink [2011-05-26 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-05-26 15:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena [2011-05-26 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com [2011-05-26 14:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer [2011-05-23 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\blueconnect [2011-05-20 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\178 [2011-05-17 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{5FD28280-6D76-4821-AE2D-F1515299904D} [2011-05-17 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{3495CC1B-D975-45D7-B3E8-E2D141E75797} [2011-05-16 18:46:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\Notesy programu OneNote [2011-05-16 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{4B0ED46E-60AF-44CC-9E70-0F3B7AE14376} [2011-05-13 15:10:01 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{D95E359E-926A-4274-9350-293317FBEB5E} [2011-05-13 07:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2011-05-13 07:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2011-05-12 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Energy_Mix_-_Volume_24_2011 [2011-05-10 22:40:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter [2011-05-10 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\NetMeter [2011-05-08 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software [2011-05-04 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\AIMP [2011-05-04 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2 [2011-05-04 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2011-05-04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0 [2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\.thumbnails [2011-05-04 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011-05-04 16:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2011-05-04 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-27 16:20:52 | 003,670,016 | -HS- | M] () -- C:\Users\GregoR\NTUSER.DAT [2011-06-27 16:16:10 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 16:16:10 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 16:08:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-06-27 16:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-27 16:08:30 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys [2011-06-27 15:55:00 | 005,491,613 | -H-- | M] () -- C:\Users\GregoR\AppData\Local\IconCache.db [2011-06-27 15:36:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2011-06-27 15:36:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011-06-27 14:57:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job [2011-06-27 13:43:11 | 001,559,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-06-27 13:43:11 | 000,701,704 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-27 13:43:11 | 000,619,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-27 13:43:11 | 000,136,432 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-27 13:43:11 | 000,107,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-27 13:05:12 | 000,000,017 | ---- | M] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg [2011-06-27 12:13:14 | 000,013,812 | ---- | M] () -- C:\Windows\System32\results.xml [2011-06-25 22:57:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job [2011-06-22 22:32:44 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Temped3324.html [2011-06-20 20:45:23 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempOY4020.html [2011-06-19 22:29:39 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempZH2944.html [2011-06-19 22:29:39 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempCW2944.html [2011-06-17 23:20:00 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Tempin3264.html [2011-06-17 23:20:00 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempxY3264.html [2011-06-17 18:43:21 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempRL3096.html [2011-06-17 18:43:21 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\Tempsf3096.html [2011-06-14 16:43:45 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-06-14 16:40:49 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011-06-13 22:22:02 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempWm3784.html [2011-06-13 22:22:02 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempuA3784.html [2011-06-12 20:13:13 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempYp2680.html [2011-06-09 07:43:46 | 000,000,855 | ---- | M] () -- C:\Users\GregoR\.recently-used.xbel [2011-06-09 07:37:31 | 000,135,624 | ---- | M] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png [2011-06-07 16:14:58 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TemphC3204.html [2011-06-05 22:43:45 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempGn3404.html [2011-06-05 22:43:45 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempsK3404.html [2011-06-05 13:19:53 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2011-05-31 08:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-05-30 14:26:44 | 000,000,000 | ---- | M] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList [2011-05-30 14:25:21 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\PowerDVD.lnk [2011-05-26 18:05:52 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI [2011-05-26 15:54:31 | 000,000,952 | ---- | M] () -- C:\Windows\QIII.INI [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-05-26 07:37:35 | 000,000,099 | ---- | M] () -- C:\Users\GregoR\Desktop\Bass-party.pls [2011-05-26 07:34:29 | 000,000,071 | ---- | M] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u [2011-05-25 22:39:51 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempGy2576.html [2011-05-25 20:36:45 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempIO1984.html [2011-05-25 14:59:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-05-25 09:56:55 | 000,006,503 | ---- | M] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0 [2011-05-24 21:08:16 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempMr1752.html [2011-05-21 14:17:46 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempiZ3028.html [2011-05-21 14:17:46 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempSe3028.html [2011-05-20 10:35:56 | 000,029,334 | ---- | M] () -- C:\Users\GregoR\Desktop\Sygna.jpg [2011-05-15 20:56:16 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempdT2924.html [2011-05-15 14:03:33 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempHY1632.html [2011-05-15 14:03:33 | 000,002,089 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempOo1632.html [2011-05-13 07:00:15 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2011-05-12 21:14:10 | 134,231,803 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3 [2011-05-12 21:12:30 | 127,388,193 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3 [2011-05-12 21:09:42 | 074,673,508 | ---- | M] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3 [2011-05-04 20:39:12 | 000,111,224 | ---- | M] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT [2011-05-04 19:20:43 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-05-04 17:46:34 | 003,771,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-05-04 17:44:34 | 000,001,322 | ---- | M] () -- C:\Users\GregoR\Desktop\metin2.lnk [2011-05-04 16:02:24 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011-05-04 13:49:35 | 000,002,432 | ---- | M] () -- C:\Users\GregoR\AppData\Local\TempAqA984.html [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-27 15:17:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-06-27 15:17:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-06-27 15:17:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-06-27 15:17:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-06-27 15:17:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-06-27 13:05:12 | 000,000,017 | ---- | C] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg [2011-06-22 20:40:14 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temped3324.html [2011-06-20 20:16:08 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempOY4020.html [2011-06-19 19:43:00 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempZH2944.html [2011-06-19 19:43:00 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCW2944.html [2011-06-17 21:46:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempin3264.html [2011-06-17 21:46:51 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxY3264.html [2011-06-17 18:37:45 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRL3096.html [2011-06-17 18:37:45 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempsf3096.html [2011-06-14 16:43:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-06-14 16:40:49 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011-06-14 16:39:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011-06-13 21:35:26 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWm3784.html [2011-06-13 21:35:26 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuA3784.html [2011-06-12 20:11:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempYp2680.html [2011-06-09 07:43:46 | 000,000,855 | ---- | C] () -- C:\Users\GregoR\.recently-used.xbel [2011-06-09 07:37:22 | 000,135,624 | ---- | C] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png [2011-06-07 16:14:07 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemphC3204.html [2011-06-05 22:22:02 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGn3404.html [2011-06-05 22:22:02 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempsK3404.html [2011-06-05 13:19:53 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-05-31 08:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-05-30 14:26:44 | 000,000,000 | ---- | C] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList [2011-05-30 14:25:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\PowerDVD.lnk [2011-05-26 18:05:52 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2011-05-26 14:41:34 | 000,000,952 | ---- | C] () -- C:\Windows\QIII.INI [2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-05-26 07:37:28 | 000,000,099 | ---- | C] () -- C:\Users\GregoR\Desktop\Bass-party.pls [2011-05-26 07:34:27 | 000,000,071 | ---- | C] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u [2011-05-25 21:43:05 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGy2576.html [2011-05-25 18:56:41 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempIO1984.html [2011-05-25 14:59:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-05-25 09:56:55 | 000,006,503 | ---- | C] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0 [2011-05-24 20:23:34 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempMr1752.html [2011-05-21 14:12:21 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempiZ3028.html [2011-05-21 14:12:21 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempSe3028.html [2011-05-20 10:28:11 | 000,029,334 | ---- | C] () -- C:\Users\GregoR\Desktop\Sygna.jpg [2011-05-15 20:28:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempdT2924.html [2011-05-15 11:20:13 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempHY1632.html [2011-05-15 11:20:13 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempOo1632.html [2011-05-13 07:00:15 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2011-05-12 21:01:47 | 074,673,508 | ---- | C] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3 [2011-05-12 21:01:23 | 134,231,803 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3 [2011-05-12 21:00:45 | 127,388,193 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3 [2011-05-04 19:20:39 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-05-04 17:44:34 | 000,001,322 | ---- | C] () -- C:\Users\GregoR\Desktop\metin2.lnk [2011-05-04 16:02:24 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011-05-04 13:49:09 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempAqA984.html [2011-04-04 21:05:02 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempUG1012.html [2011-04-04 21:05:02 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemplY1012.html [2011-04-03 21:36:49 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempvc1424.html [2011-04-03 21:36:49 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempoY1424.html [2011-03-28 20:42:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempnf2576.html [2011-03-05 17:10:30 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Templl5132.html [2011-03-05 17:10:30 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temprk5132.html [2011-03-04 19:58:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDE2640.html [2011-03-04 12:04:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxZ1136.html [2011-03-04 12:04:28 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGM1136.html [2011-02-27 19:38:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011-02-27 19:28:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011-02-24 13:23:43 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011-02-23 21:46:48 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWo1044.html [2011-02-23 21:46:48 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempTq1044.html [2011-02-20 20:31:05 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempfo4784.html [2011-02-17 08:46:01 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011-02-11 22:46:42 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemphO2852.html [2011-01-30 14:48:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-01-30 14:48:00 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-01-30 14:48:00 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2011-01-30 14:47:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011-01-29 20:42:16 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempjc1584.html [2011-01-29 20:42:16 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempTH1584.html [2011-01-20 20:33:10 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempjM6084.html [2011-01-20 20:33:10 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempSS6084.html [2010-12-19 20:32:01 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temppw1112.html [2010-12-18 20:08:07 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010-12-14 23:25:49 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempJD3416.html [2010-12-11 15:15:25 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempLA5904.html [2010-12-11 14:07:26 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempel1632.html [2010-12-10 22:27:14 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuC1728.html [2010-12-10 16:34:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFK4932.html [2010-12-09 16:03:43 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempPI5552.html [2010-12-09 16:03:43 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempgS5552.html [2010-12-09 09:36:30 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxN4028.html [2010-12-08 23:35:20 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWa1652.html [2010-12-08 16:09:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcY6028.html [2010-12-07 16:10:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempNE5904.html [2010-12-06 22:36:42 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempuU2388.html [2010-12-06 22:36:42 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemprH2388.html [2010-12-06 21:16:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempkR5540.html [2010-12-06 17:22:16 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBx5864.html [2010-12-06 17:22:16 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempEB5864.html [2010-12-06 08:16:46 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempjn3588.html [2010-12-05 22:13:24 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCzw512.html [2010-12-05 22:10:50 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBB4284.html [2010-12-05 15:31:32 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGI5892.html [2010-12-04 19:55:39 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempNt1308.html [2010-12-04 15:30:09 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempWW4280.html [2010-12-04 12:35:23 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010-12-04 11:33:32 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempMl4560.html [2010-12-04 11:33:32 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempei4560.html [2010-12-03 23:35:36 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempsk6024.html [2010-12-03 19:50:33 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TemprX4548.html [2010-12-03 13:12:20 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempPl1544.html [2010-12-03 13:12:20 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempgg1544.html [2010-12-01 23:00:25 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDs4636.html [2010-12-01 23:00:25 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempaD4636.html [2010-12-01 18:07:37 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempfe6036.html [2010-11-30 23:12:06 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempIoh504.html [2010-11-28 18:55:06 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempgi1336.html [2010-11-28 13:29:36 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini [2010-11-28 13:29:36 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini [2010-11-28 13:29:04 | 000,001,094 | ---- | C] () -- C:\Windows\adiras.ini [2010-11-28 13:29:03 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe [2010-11-28 13:29:03 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe [2010-11-28 13:29:00 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE [2010-11-28 13:28:51 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN [2010-11-28 13:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe [2010-11-28 13:28:45 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN [2010-11-28 13:28:38 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN [2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN [2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN [2010-11-28 13:28:37 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN [2010-11-28 13:28:37 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN [2010-11-27 21:49:53 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFL4788.html [2010-11-27 17:33:41 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempQd4920.html [2010-11-27 14:22:59 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDTI700.html [2010-11-25 21:35:38 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFD2736.html [2010-11-25 16:27:55 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcM5452.html [2010-11-25 16:27:55 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBV5452.html [2010-11-25 15:54:21 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempnc3688.html [2010-11-25 15:54:21 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDW3688.html [2010-11-25 09:22:50 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempee4736.html [2010-11-23 22:05:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempGRw892.html [2010-11-23 16:29:37 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempzG1640.html [2010-11-23 16:29:37 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempyp1640.html [2010-11-22 20:12:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFO4352.html [2010-11-22 20:12:28 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempDV4352.html [2010-11-22 16:12:28 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temprk4176.html [2010-11-21 21:53:19 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempxO3896.html [2010-11-21 20:56:35 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempZU5408.html [2010-11-21 16:40:40 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempwa4944.html [2010-11-21 11:42:35 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempFi4648.html [2010-11-21 11:42:35 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempVP4648.html [2010-11-21 10:27:03 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempoV5152.html [2010-11-21 10:27:03 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempoj5152.html [2010-11-20 23:47:27 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempCt4684.html [2010-11-20 22:39:03 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Temppq3748.html [2010-11-20 21:01:59 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRV4552.html [2010-11-20 21:01:59 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempyt4552.html [2010-11-20 20:43:51 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempUM3924.html [2010-11-20 20:19:33 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempwr3924.html [2010-11-20 16:21:33 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-11-20 16:21:33 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-11-20 15:33:22 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempQA3696.html [2010-11-20 15:33:22 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempRZ3696.html [2010-11-20 14:44:36 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\Tempia1108.html [2010-11-20 14:44:36 | 000,002,089 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempBd1108.html [2010-11-20 14:10:12 | 000,002,432 | ---- | C] () -- C:\Users\GregoR\AppData\Local\TempcO4772.html [2010-11-20 14:09:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-11-20 13:51:38 | 005,491,613 | -H-- | C] () -- C:\Users\GregoR\AppData\Local\IconCache.db [2010-11-20 13:41:28 | 000,111,224 | ---- | C] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT [2010-09-25 20:07:48 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010-09-25 19:44:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2010-09-25 19:41:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010-09-25 19:34:49 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010-09-25 19:34:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010-05-20 14:11:01 | 001,559,892 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2009-07-14 10:07:57 | 000,701,704 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 10:07:57 | 000,136,432 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 003,771,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 000,619,356 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,107,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:04:23 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:04:23 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-04-28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [color=#E56717]========== LOP Check ==========[/color] [2011-06-07 07:11:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\AIMP [2011-05-30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\BitComet [2011-05-23 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\blueconnect [2011-02-24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\COWON [2010-12-04 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\DAEMON Tools Lite [2011-04-15 06:35:58 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\FOG Downloader [2010-11-20 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Gadu-Gadu 10 [2011-06-09 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0 [2011-03-26 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\IObit [2011-02-17 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\ipla [2010-11-21 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\MargonemMapki [2011-05-10 22:35:12 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\NetMeter [2010-11-20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\OpenFM [2011-01-22 22:15:34 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\PhotoFiltre [2010-11-20 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RDRM [2011-06-27 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RGE [2011-02-27 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Samsung [2010-12-23 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\SoftGrid Client [2010-11-30 19:57:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010-12-11 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Tibia [2010-11-20 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Toshiba [2010-11-21 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TP [2010-12-17 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TS3Client [2011-03-13 23:46:03 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TuneUp Software [2010-12-11 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\WinBatch [2011-04-01 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Windows Live Writer [2011-06-21 13:22:52 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011-06-27 15:40:53 | 000,025,851 | ---- | M] () -- C:\ComboFix.txt [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-06-27 16:08:30 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-27 16:08:32 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010-09-25 19:35:55 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log [2010-06-25 07:15:15 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\ERDNT\cache\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >[/log] [log]OTL Extras logfile created on: 2011-06-27 16:12:01 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,41% Memory free 3,99 Gb Paging File | 2,99 Gb Available in Paging File | 74,89% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 5,63 Gb Free Space | 7,55% Space Free | Partition Type: NTFS Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03}" = Windows Live Family Safety "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.0 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook "{9FE65E62-D027-47F7-B32D-8CAC60026D75}" = ArcaVir "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{a6f85984-f0c1-42f1-95a5-3d8f9bdace2d}" = Nero 9 Essentials "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIMP2" = AIMP2 "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "BitComet" = BitComet 1.25 "blueconnect" = blueconnect "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "conduitEngine" = Conduit Engine "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "ENTERPRISE" = Microsoft Office Enterprise 2007 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Gadu-Gadu 10" = Gadu-Gadu 10 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Icy Tower v1.4_is1" = Icy Tower v1.4 "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board "InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "ipla" = ipla 2.2.1 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mobile Partner" = Mobile Partner "Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl) "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "Picasa 3" = Picasa 3 "Quake III Arena" = Quake III Arena "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Softonic-Polska Toolbar" = Softonic-Polska Toolbar "Speccy" = Speccy "StarterBackgroundChanger" = StarterBackgroundChanger "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tibia_is1" = Tibia "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-01 10:22:12 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-02 06:05:34 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-02 06:05:49 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-02 11:20:39 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 13 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 8193 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = System Restore | ID = 8193 Description = Error - 2011-06-05 05:39:08 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-05 05:42:32 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-05 05:42:33 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = [ OSession Events ] Error - 2011-02-18 02:03:55 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1233 seconds with 720 seconds of active time. This session ended with a crash. Error - 2011-02-18 02:14:25 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 567 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 2011-06-27 09:19:28 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-06-27 09:27:08 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-06-27 09:36:13 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7030 Description = Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2011-06-27 09:41:11 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2011-06-27 09:41:09 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2011-06-27 10:08:27 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2011-06-27 10:08:32 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2011-06-27 10:08:35 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%1058 Error - 2011-06-27 10:09:09 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2011-06-27 10:09:16 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300 Description = < End of report >[/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by GregoR at 2011-06-27 16:36:21 Microsoft Windows 7 Starter Service Pack 1 System drive C: has 6 GB (8%) free of 76 GB Total RAM: 2037 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:37:06, on 2011-06-27 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe C:\Program Files\blueconnect\DataCardMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\igfxext.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\GregoR\Downloads\RSIT.exe C:\Program Files\trend micro\GregoR.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530240 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Softonic-Polska Toolbar - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [HW_OPENEYE_OUC_blueconnect] "C:\Program Files\blueconnect\UpdateDog\ouc.exe" O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O8 - Extra context menu item: &P&obierz &za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ArcaBit Config Service (ABConfSV) - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaConfSV.exe O23 - Service: ArcaBit Main Service (ABMainSV) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe O23 - Service: ArcaBit Backup Service (AVBackup) - ArcaBit - C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe O23 - Service: ArcaBit Tasks Service (AVTasks2) - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaTasksService.exe O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\Program Files\ArcaBit\ArcaUpdate\update.exe O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- End of file - 11612 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll [2010-12-06 765744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}] Softonic-Polska Toolbar - C:\Program Files\Softonic-Polska\tbSoft.dll [2010-10-18 3908192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Softonic-Polska Toolbar - C:\Program Files\Softonic-Polska\tbSoft.dll [2010-10-18 3908192] {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 1697064] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-13 8555040] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2010-04-13 694816] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 425984] "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160] "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 480608] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 521528] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-03-25 742712] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 611672] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "AvMenu"=C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe [2011-06-16 494160] "DataCardMonitor"=C:\Program Files\blueconnect\DataCardMonitor.exe [2011-04-27 253952] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-10-24 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-10-24 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-10-24 150552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HW_OPENEYE_OUC_blueconnect"=C:\Program Files\blueconnect\UpdateDog\ouc.exe [2009-12-31 110592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe [2010-11-02 1432064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2011-06-07 421160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-04-22 2423752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2010-04-19 136136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2010-10-26 1050072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-03-19 467816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-03-03 30040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 22840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk] C:\PROGRA~1\MIF5BA~1\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-10-24 218112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-25 203776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-06-27 16:36:24 ----D---- C:\Program Files\trend micro 2011-06-27 16:36:20 ----D---- C:\rsit 2011-06-27 15:41:03 ----SHD---- C:\$RECYCLE.BIN 2011-06-27 15:40:53 ----A---- C:\ComboFix.txt 2011-06-27 15:35:57 ----D---- C:\Windows\temp 2011-06-27 15:17:15 ----A---- C:\Windows\MBR.exe 2011-06-27 15:17:14 ----A---- C:\Windows\PEV.exe 2011-06-27 15:17:14 ----A---- C:\Windows\NIRCMD.exe 2011-06-27 15:17:13 ----A---- C:\Windows\zip.exe 2011-06-27 15:17:13 ----A---- C:\Windows\SWREG.exe 2011-06-27 15:17:13 ----A---- C:\Windows\sed.exe 2011-06-27 15:17:13 ----A---- C:\Windows\grep.exe 2011-06-27 15:17:12 ----A---- C:\Windows\SWSC.exe 2011-06-27 15:16:54 ----D---- C:\Windows\ERDNT 2011-06-27 15:16:39 ----D---- C:\Qoobox 2011-06-27 15:11:39 ----D---- C:\Users\GregoR\AppData\Roaming\RGE 2011-06-27 13:43:41 ----D---- C:\Program Files\StarterBackgroundChanger 2011-06-27 12:06:18 ----D---- C:\Windows\system32\Lang 2011-06-27 12:06:17 ----A---- C:\Windows\system32\igxpun.exe 2011-06-17 06:20:10 ----A---- C:\Windows\system32\mshtmled.dll 2011-06-17 06:20:09 ----A---- C:\Windows\system32\iertutil.dll 2011-06-17 06:20:08 ----A---- C:\Windows\system32\jscript.dll 2011-06-17 06:20:08 ----A---- C:\Windows\system32\ieui.dll 2011-06-17 06:20:07 ----A---- C:\Windows\system32\jscript9.dll 2011-06-17 06:20:04 ----A---- C:\Windows\system32\mshtml.dll 2011-06-17 06:20:04 ----A---- C:\Windows\system32\ieframe.dll 2011-06-17 06:20:02 ----A---- C:\Windows\system32\urlmon.dll 2011-06-16 22:27:30 ----A---- C:\Windows\system32\inetcomm.dll 2011-06-16 22:27:27 ----A---- C:\Windows\system32\d3d10_1.dll 2011-06-16 22:27:23 ----A---- C:\Windows\system32\drivers\srvnet.sys 2011-06-16 22:27:23 ----A---- C:\Windows\system32\drivers\srv2.sys 2011-06-16 22:27:22 ----A---- C:\Windows\system32\drivers\srv.sys 2011-06-16 22:27:18 ----A---- C:\Windows\system32\drivers\tcpip.sys 2011-06-16 22:27:12 ----A---- C:\Windows\system32\drivers\afd.sys 2011-06-16 22:27:10 ----A---- C:\Windows\system32\oleaut32.dll 2011-06-16 22:27:07 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2011-06-16 22:27:06 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2011-06-16 22:27:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2011-06-14 16:43:57 ----D---- C:\Users\GregoR\AppData\Roaming\Apple Computer 2011-06-14 16:43:01 ----A---- C:\Windows\system32\GEARAspi.dll 2011-06-14 16:43:01 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys 2011-06-14 16:41:55 ----D---- C:\Program Files\iPod 2011-06-14 16:41:47 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-06-14 16:41:47 ----D---- C:\Program Files\iTunes 2011-06-14 16:40:20 ----D---- C:\Program Files\QuickTime 2011-06-14 16:40:15 ----D---- C:\ProgramData\Apple Computer 2011-06-14 16:39:50 ----D---- C:\Program Files\Apple Software Update 2011-06-14 16:38:54 ----D---- C:\Program Files\Bonjour 2011-06-14 16:38:38 ----D---- C:\ProgramData\Apple 2011-06-14 16:38:38 ----D---- C:\Program Files\Common Files\Apple 2011-06-09 18:58:57 ----D---- C:\Windows\pss 2011-06-01 19:57:11 ----D---- C:\Users\GregoR\AppData\Roaming\U3 2011-05-30 14:26:47 ----D---- C:\Users\GregoR\AppData\Roaming\CyberLink 2011-05-30 14:25:17 ----D---- C:\ProgramData\CyberLink 2011-05-30 14:25:09 ----D---- C:\Program Files\CyberLink ======List of files/folders modified in the last 1 months====== 2011-06-27 16:36:24 ----D---- C:\Program Files 2011-06-27 16:22:55 ----D---- C:\Windows\system32\config 2011-06-27 15:36:24 ----D---- C:\Windows 2011-06-27 15:36:24 ----A---- C:\Windows\system.ini 2011-06-27 15:36:02 ----D---- C:\Windows\system32\drivers\etc 2011-06-27 15:34:26 ----D---- C:\ProgramData 2011-06-27 15:27:28 ----D---- C:\Windows\system32\drivers 2011-06-27 15:27:28 ----D---- C:\Windows\System32 2011-06-27 15:27:28 ----D---- C:\Windows\AppPatch 2011-06-27 15:27:22 ----D---- C:\Program Files\Common Files 2011-06-27 15:15:20 ----D---- C:\Windows\Prefetch 2011-06-27 13:43:11 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-06-27 13:43:10 ----D---- C:\Windows\inf 2011-06-27 12:28:25 ----D---- C:\Program Files\Metin2_PL 2011-06-27 12:09:11 ----D---- C:\Windows\system32\catroot 2011-06-27 12:06:47 ----D---- C:\Windows\system32\DriverStore 2011-06-27 11:56:50 ----D---- C:\Windows\system32\catroot2 2011-06-26 21:36:57 ----D---- C:\Program Files\Mozilla Firefox 2011-06-26 21:32:49 ----D---- C:\Users\GregoR\AppData\Roaming\Winamp 2011-06-26 20:54:01 ----SHD---- C:\Windows\Installer 2011-06-26 20:53:09 ----D---- C:\Windows\system32\Tasks 2011-06-26 20:39:27 ----D---- C:\Users\GregoR\AppData\Roaming\Skype 2011-06-26 20:11:31 ----D---- C:\Users\GregoR\AppData\Roaming\skypePM 2011-06-21 10:18:46 ----D---- C:\Windows\debug 2011-06-17 08:12:51 ----D---- C:\Windows\winsxs 2011-06-17 07:58:53 ----D---- C:\Program Files\Microsoft Silverlight 2011-06-17 06:30:11 ----D---- C:\Program Files\Internet Explorer 2011-06-17 06:30:05 ----D---- C:\ProgramData\Microsoft Help 2011-06-17 06:24:13 ----A---- C:\Windows\system32\MRT.exe 2011-06-14 16:43:00 ----DC---- C:\Windows\system32\DRVSTORE 2011-06-10 16:06:10 ----D---- C:\Program Files\Tibia 2011-06-09 07:43:47 ----D---- C:\Users\GregoR\AppData\Roaming\gtk-2.0 2011-06-07 07:11:49 ----D---- C:\Users\GregoR\AppData\Roaming\AIMP 2011-06-04 23:45:21 ----D---- C:\Users\GregoR\AppData\Roaming\Media Player Classic 2011-05-31 15:44:55 ----D---- C:\Downloads 2011-05-31 08:19:48 ----D---- C:\Windows\system32\drivers\UMDF 2011-05-30 21:00:09 ----D---- C:\Users\GregoR\AppData\Roaming\BitComet 2011-05-30 14:25:09 ----HD---- C:\Program Files\InstallShield Installation Information 2011-05-30 14:24:27 ----D---- C:\Program Files\Common Files\InstallShield 2011-05-28 14:02:24 ----D---- C:\ProgramData\ArcaBit ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 36208] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-13 436792] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512] R1 ABTDI;ArcaBit Network Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2010-10-26 51280] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328] R3 ABFLT;ArcaBit File Monitor Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [2011-03-05 52304] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-11-06 1227776] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-10-24 4807168] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-04-13 3074528] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 242864] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912] S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\Windows\System32\Drivers\e4ldr.sys [2007-01-04 69656] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;Sterownik filtru magistrali AGP AMD; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816] S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216] S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416] S3 catchme;catchme; \??\C:\Users\GregoR\AppData\Local\Temp\catchme.sys [] S3 cpuz;cpuz; \??\C:\Users\GregoR\AppData\Local\Temp\cpuz.sys [] S3 e4usbaw;USB ADSL2 WAN Adapter; C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272] S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2010-04-09 69504] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984] S3 PortTalk;PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [2009-01-18 3567] S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-12 189984] S3 sisagp;Filtr magistrali AGP SIS; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496] S3 viaagp;Filtr magistrali AGP VIA; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;Sterownik procesora VIA C7; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ABConfSV;ArcaBit Config Service; C:\Program Files\ArcaBit\Common\ArcaConfSV.exe [2011-05-31 137808] R2 ABMainSV;ArcaBit Main Service; C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe [2011-05-04 150992] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664] R2 ArcaRemoteService;ArcaBit Control; C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2011-06-15 535120] R2 AVTasks2;ArcaBit Tasks Service; C:\Program Files\ArcaBit\Common\ArcaTasksService.exe [2011-03-05 129616] R2 AVUpdate;ArcaBit Update Service; C:\Program Files\ArcaBit\ArcaUpdate\update.exe [2010-12-03 117328] R2 Bonjour Service;Usługa Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712] R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-08-19 229376] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208] R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 468320] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960] S2 AVBackup;ArcaBit Backup Service; C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe [2011-03-29 186960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120] S3 iPod Service;Usługa iPod; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 820520] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-04-24 403240] S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] -----------------EOF----------------- [/log] [log]info.txt logfile of random's system information tool 1.08 2011-06-27 16:37:16 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7} Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA} Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA} Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}" Adobe Reader 9.4.4 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D} AIMP2-->C:\Program Files\AIMP2\Uninstall.exe Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228} Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} ALLConverter PRO 1.0-->"C:\Program Files\ALLConverter PRO\unins000.exe" ALLPlayer V4.X-->"C:\Program Files\ALLPlayer\unins000.exe" Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992} Apple Mobile Device Support-->MsiExec.exe /I{C23CD6DA-1958-43A5-ADD0-59396572E02E} Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66} ArcaVir Prerequistes-->MsiExec.exe /I{F41B3F68-C137-477A-9DD5-E231F512D84F} ArcaVir-->MsiExec.exe /X{9FE65E62-D027-47F7-B32D-8CAC60026D75} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0015 Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1} BitComet 1.25-->C:\Program Files\BitComet\uninst.exe blueconnect-->C:\Program Files\blueconnect\uninst.exe Bonjour-->MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A} CPUID CPU-Z 1.56-->"C:\Program Files\CPUID\CPU-Z\unins000.exe" D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} eBay-->MsiExec.exe /X{FDE58148-57E7-43BF-879A-29CCE818C078} EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7} Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Icy Tower v1.4-->"c:\program files\icytower1.4\unins000.exe" Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall ipla 2.2.1-->C:\Program Files\ipla\uninst.exe iTunes-->MsiExec.exe /I{C897FCB3-2F8B-4185-8035-79E2AF3A92A4} Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Codec Pack 6.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {E9EA2604-8AC9-47D2-8F4B-6BF60787A357} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25} Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57} Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7} Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C} Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403} Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Moduł Szybka instalacja pakietu Microsoft Office 2010-->MsiExec.exe /I{90140000-006D-0415-0000-0000000FF1CE} Mozilla Firefox 5.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000" Nero BackItUp and Burn-->MsiExec.exe /X{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9} Nero BackItUp-->MsiExec.exe /X{0420F95C-11FF-4E02-B967-6CC22B188F9F} Nero BurnRights Help-->MsiExec.exe /X{F6BDD7C5-89ED-4569-9318-469AA9732572} Nero BurnRights-->MsiExec.exe /X{397516AE-7DFE-4F90-84E0-BD616D559434} Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB} Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero ControlCenter-->MsiExec.exe /X{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36} Nero DiscSpeed Help-->MsiExec.exe /X{CC019E3F-59D2-4486-8D4B-878105B62A71} Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C} Nero DriveSpeed Help-->MsiExec.exe /X{E5C7D048-F9B4-4219-B323-8BDB01A2563D} Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A} Nero Express Help-->MsiExec.exe /X{83202942-84B3-4C50-8622-B8C0AA2D2885} Nero Express-->MsiExec.exe /X{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6} Nero InfoTool Help-->MsiExec.exe /X{20400DBD-E6DB-45B8-9B6B-1DD7033818EC} Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139} Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF} Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E} Nero RescueAgent-->MsiExec.exe /X{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1} Nero StartSmart Help-->MsiExec.exe /X{2348B586-C9AE-46CE-936C-A68E9426E214} Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2} NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392} Photo Service - powered by myphotobook-->msiexec /qb /x {9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E} Photo Service - powered by myphotobook-->MsiExec.exe /I{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1} Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP Pomocnik Messenger-->MsiExec.exe /I{BD8DA595-F501-4ABE-85A0-5C23E82472A0} PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Pro Evolution Soccer 6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1045 Program TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0415 Program TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0415 Quake III Arena-->C:\Windows\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu" QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C} Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -removeonly SAGEM F@st 800-840-->C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe -runfromtemp -l0x0015 -removeonly SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0} Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F} Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1} Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062} Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Softonic-Polska Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG Speccy-->"C:\Program Files\Speccy\uninst.exe" Sprzęt instalacyjny TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{5279374D-87FE-4879-9385-F17278EBB9D3}\setup.exe" -runfromtemp -l0x0415 -removeonly StarterBackgroundChanger-->C:\Program Files\StarterBackgroundChanger\Uninstall.exe Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab for Intel-->MsiExec.exe /I{99A17B9E-3901-400B-BCD7-2ACD8FFE328B} TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe" Tibia-->"C:\Program Files\Tibia\unins000.exe" TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0015 -removeonly TOSHIBA Bulletin Board-->"C:\Program Files\InstallShield Installation Information\{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}\setup.exe" -runfromtemp -l0x0415 -removeonly TOSHIBA Bulletin Board-->MsiExec.exe /X{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6} TOSHIBA ConfigFree-->MsiExec.exe /X{607BE7BF-7C28-4ADB-A4A0-385962B901C3} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Hardware Setup-->MsiExec.exe /I{5279374D-87FE-4879-9385-F17278EBB9D3} TOSHIBA Hasło administratora-->"C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0415 -removeonly Toshiba Manuals-->"C:\Program Files\InstallShield Installation Information\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}\setup.exe" -runfromtemp -l0x0015 -removeonly TOSHIBA Media Controller-->C:\Program Files\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -l0x0015 -removeonly TOSHIBA Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0015 -removeonly TOSHIBA Recovery Media Creator Reminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0415 TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} TOSHIBA ReelTime-->"C:\Program Files\InstallShield Installation Information\{B894522E-C079-4DC8-A305-30BA6E2F4459}\setup.exe" -runfromtemp -l0x0415 -removeonly TOSHIBA ReelTime-->MsiExec.exe /X{B894522E-C079-4DC8-A305-30BA6E2F4459} TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0015 -removeonly TOSHIBA Supervisor Password-->"C:\Program Files\InstallShield Installation Information\{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}\setup.exe" -runfromtemp -l0x0415 TOSHIBA Sync Utility-->"C:\Program Files\InstallShield Installation Information\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}\setup.exe" -runfromtemp -l0x0415 -removeonly TOSHIBA TEMPRO-->MsiExec.exe /X{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E} TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TOSHIBA Web Camera Application-->C:\Program Files\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0015 -removeonly TRORMCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0415 Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC} Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945} Utility Common Driver-->"C:\Program Files\InstallShield Installation Information\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}\setup.exe" -runfromtemp -l0x0409 -removeonly Utility Common Driver-->MsiExec.exe /I{12688FD7-CB92-4A5B-BEE4-5C8E0574434F} WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Family Safety-->MsiExec.exe /I{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03} Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC} Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9} Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A} Windows Live Remote Client Resources-->MsiExec.exe /I{C30628D8-D3A0-4F23-90F0-F145808087B6} Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF} Windows Live Remote Service Resources-->MsiExec.exe /I{201B5096-AF6E-423E-B987-023E040D9B42} Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live Sync-->MsiExec.exe /X{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{543E6ACA-51B7-4283-82F2-57C0582A53C5} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} ======System event log====== Computer Name: GregoR-TOSHIBA Event Code: 7036 Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia. Record Number: 129520 Source Name: Service Control Manager Time Written: 20110408162337.315194-000 Event Type: Informacje User: Computer Name: GregoR-TOSHIBA Event Code: 6 Message: Filtr systemu plików ABFLT (6.0, ?2011?-?02?-?14T17:48:46.000000000Z) został pomyślnie załadowany i zarejestrował się w menedżerze filtrów. Record Number: 129519 Source Name: Microsoft-Windows-FilterManager Time Written: 20110408162336.737993-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: GregoR-TOSHIBA Event Code: 7036 Message: Usługa Menedżer połączeń usługi Dostęp zdalny weszła w stan uruchomienia. Record Number: 129518 Source Name: Service Control Manager Time Written: 20110408162335.786391-000 Event Type: Informacje User: Computer Name: GregoR-TOSHIBA Event Code: 7036 Message: Usługa Telefonia weszła w stan uruchomienia. Record Number: 129517 Source Name: Service Control Manager Time Written: 20110408162335.411990-000 Event Type: Informacje User: Computer Name: GregoR-TOSHIBA Event Code: 7036 Message: Usługa Usługa Protokół SSTP weszła w stan uruchomienia. Record Number: 129516 Source Name: Service Control Manager Time Written: 20110408162335.349590-000 Event Type: Informacje User: =====Application event log===== Computer Name: GregoR-TOSHIBA Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 1799 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101120103319.311161-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: GregoR-TOSHIBA Event Code: 1532 Message: Usługa profilów użytkowników została zatrzymana. Record Number: 1798 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100925181437.983318-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: WIN-SRAAV3MGUCA Event Code: 1003 Message: Usługa Windows Search została uruchomiona. Record Number: 1797 Source Name: Microsoft-Windows-Search Time Written: 20100925181430.000000-000 Event Type: Informacje User: Computer Name: WIN-SRAAV3MGUCA Event Code: 1013 Message: Usługa Windows Search została normalnie zatrzymana. Record Number: 1796 Source Name: Microsoft-Windows-Search Time Written: 20100925181429.000000-000 Event Type: Informacje User: Computer Name: WIN-SRAAV3MGUCA Event Code: 103 Message: Windows (1672) Windows: Aparat bazy danych zatrzymał wystąpienie (0). Record Number: 1795 Source Name: ESENT Time Written: 20100925181428.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: GregoR-TOSHIBA Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GREGOR-TOSHIBA$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x22c Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 18181 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110211052108.870439-000 Event Type: Sukcesy inspekcji User: Computer Name: GregoR-TOSHIBA Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000 Nazwa konta: GregoR Domena konta: GregoR-TOSHIBA Identyfikator logowania: 0x15b4e Uprawnienia: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 18180 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110211052108.386838-000 Event Type: Sukcesy inspekcji User: Computer Name: GregoR-TOSHIBA Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GREGOR-TOSHIBA$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 2 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000 Nazwa konta: GregoR Domena konta: GregoR-TOSHIBA Identyfikator logowania: 0x15b84 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x24c Nazwa procesu: C:\Windows\System32\winlogon.exe Informacje o sieci: Nazwa stacji roboczej: GREGOR-TOSHIBA Adres źródłowy sieci: 127.0.0.1 Port źródłowy: 0 Szczegółowe informacje o uwierzytelnianiu: Proces logowania: User32 Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 18179 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110211052108.386838-000 Event Type: Sukcesy inspekcji User: Computer Name: GregoR-TOSHIBA Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GREGOR-TOSHIBA$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 2 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-21-2193016258-3817806477-758741741-1000 Nazwa konta: GregoR Domena konta: GregoR-TOSHIBA Identyfikator logowania: 0x15b4e Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x24c Nazwa procesu: C:\Windows\System32\winlogon.exe Informacje o sieci: Nazwa stacji roboczej: GREGOR-TOSHIBA Adres źródłowy sieci: 127.0.0.1 Port źródłowy: 0 Szczegółowe informacje o uwierzytelnianiu: Proces logowania: User32 Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 18178 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110211052108.386838-000 Event Type: Sukcesy inspekcji User: Computer Name: GregoR-TOSHIBA Event Code: 4648 Message: Podjęto próbę logowania przy użyciu jawnych poświadczeń. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: GREGOR-TOSHIBA$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Konto, którego poświadczenia zostały użyte: Nazwa konta: GregoR Domena konta: GregoR-TOSHIBA Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Serwer docelowy: Nazwa serwera docelowego: localhost Informacje dodatkowe: localhost Informacje o procesie: Identyfikator procesu: 0x24c Nazwa procesu: C:\Windows\System32\winlogon.exe Informacje o sieci: Adres sieciowy: 127.0.0.1 Port: 0 To zdarzenie jest generowane, gdy proces podejmie próbę zalogowania się na koncie, określając w sposób jawny poświadczenia konta. To zdarzenie najczęściej występuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas używania polecenia RUNAS. Record Number: 18177 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110211052108.386838-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ArcaBit\Common;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=1c0a "asl.log"=Destination=file "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- [/log] [log]GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-27 17:29:09 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.GH01 Running: rhv8ew8d.exe; Driver: C:\Users\GregoR\AppData\Local\Temp\kwlorfow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 81E51339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E8AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text sptd.sys 880BC000 8 Bytes [34, 22, 23, 82, A0, 87, 22, ...] {XOR AL, 0x22; AND EAX, [EDX-0x7ddd7860]} .text sptd.sys 880BC009 23 Bytes [87, 22, 82, 48, AB, 22, 82, ...] .text sptd.sys 880BC024 4 Bytes [44, B5, 1E, 88] .text sptd.sys 880BC02C 10 Bytes [99, 85, 07, 82, D2, 48, FF, ...] .text sptd.sys 880BC037 89 Bytes [82, A0, DA, E4, 81, 6F, 98, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x881B3D38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload 8D9C8DB9 5 Bytes JMP 85BFA410 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2232] ntdll.dll!LdrLoadDll 777922B8 5 Bytes JMP 01321410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2232] USER32.dll!GetWindowInfo 75BF4B5E 5 Bytes JMP 6ADCC3EA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [880BD0C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [880BDFE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [880BD574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [880BE1BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [880BD362] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74542437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74525600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745256BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745424B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74538514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74534CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7453506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74535144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74536671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7453826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745387BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7453901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7453E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74534BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\ArcaBit\ArcaUpdate\update.exe[1656] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757DFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84B1D1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 85B481F8 Device \Driver\usbuhci \Device\USBPDO-1 85B481F8 Device \Driver\usbuhci \Device\USBPDO-2 85B481F8 Device \Driver\usbuhci \Device\USBPDO-3 85B481F8 Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-4 85BE4430 AttachedDevice \Driver\tdx \Device\Tcp ABTDI.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{B78514DA-6175-4B4D-81A0-2F205D2BB38D} 85B161F8 Device \Driver\cdrom \Device\CdRom0 863F01F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8835B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8835B360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85B161F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E9A9F061-1CE0-4873-B831-38EC778A3245} 85B161F8 Device \Driver\PCI_PNP0445 \Device\0000005a sptd.sys Device \Driver\PCI_PNP0445 \Device\0000005a sptd.sys Device \Driver\PCI_PNP0445 \Device\0000005b sptd.sys Device \Driver\PCI_PNP0445 \Device\0000005b sptd.sys Device \Driver\usbuhci \Device\USBFDO-0 85B481F8 Device \Driver\usbuhci \Device\USBFDO-1 85B481F8 Device \Driver\usbuhci \Device\USBFDO-2 85B481F8 Device \Driver\usbuhci \Device\USBFDO-3 85B481F8 Device \Driver\usbehci \Device\USBFDO-4 85BE4430 Device \Driver\aw3hyt6c \Device\Scsi\aw3hyt6c1 85C6A1F8 Device \Driver\aw3hyt6c \Device\Scsi\aw3hyt6c1Port2Path0Target0Lun0 85C6A1F8 Device \Driver\a9wf9zjv \Device\Scsi\a9wf9zjv1 85C701F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@a00798622e14 0xB0 0x66 0xD1 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@101dc0cf086a 0x79 0x95 0x56 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@00265d5cdc30 0x72 0xC6 0x60 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@0024ef8fe88b 0xC8 0xB3 0x2B 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@0021fb8d8067 0x9E 0x85 0x04 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xD1 0x3C 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x4D 0x8B 0xC1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x6C 0xD8 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0xE7 0x30 0x2E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@a00798622e14 0xB0 0x66 0xD1 0x25 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@101dc0cf086a 0x79 0x95 0x56 0x50 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@00265d5cdc30 0x72 0xC6 0x60 0x68 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@0024ef8fe88b 0xC8 0xB3 0x2B 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@0021fb8d8067 0x9E 0x85 0x04 0x34 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xD1 0x3C 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x4D 0x8B 0xC1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEE 0x6C 0xD8 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0xE7 0x30 0x2E ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- Files - GMER 1.0.15 ---- File Q:\$RECYCLE.BIN 0 bytes File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-1000 0 bytes File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-1000\desktop.ini 129 bytes File Q:\$RECYCLE.BIN\S-1-5-21-2193016258-3817806477-758741741-500 0 bytes File Q:\GREGOR-TOSHIBA 0 bytes File Q:\GREGOR-TOSHIBA\Desktop.ini 226 bytes File Q:\HDDRecovery 0 bytes File Q:\HDDRecovery\HDDRecovery.tag 13 bytes File Q:\HDDRecovery\ODDFiles 0 bytes File Q:\HDDRecovery\ODDFiles\Boot 0 bytes File Q:\HDDRecovery\ODDFiles\Boot\bcd 262144 bytes File Q:\HDDRecovery\ODDFiles\Boot\boot.sdi 3170304 bytes File Q:\HDDRecovery\ODDFiles\Boot\etfsboot.com 4096 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts 0 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts\chs_boot.ttf 3693112 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts\cht_boot.ttf 3875804 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts\jpn_boot.ttf 1983244 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts\kor_boot.ttf 2370376 bytes File Q:\HDDRecovery\ODDFiles\Boot\fonts\wgl4_boot.ttf 46468 bytes File Q:\HDDRecovery\ODDFiles\bootmgr 383562 bytes File Q:\HDDRecovery\ODDFiles\EFI 0 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft 0 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot 0 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\bcd 262144 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts 0 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\chs_boot.ttf 3693096 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\cht_boot.ttf 3875804 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\jpn_boot.ttf 1983260 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\kor_boot.ttf 2370392 bytes File Q:\HDDRecovery\ODDFiles\EFI\microsoft\boot\fonts\wgl4_boot.ttf 46468 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP 0 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot 0 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\bcd 262144 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\boot.sdi 3170304 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\etfsboot.com 2048 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\fonts 0 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\boot\fonts\wgl4_boot.ttf 49752 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\bootmgr 333203 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\sources 0 bytes File Q:\HDDRecovery\ODDFiles\HDDPREP\sources\boot.wim 118680687 bytes File Q:\HDDRecovery\ODDFiles\HTMPREP 0 bytes File Q:\HDDRecovery\ODDFiles\HTMPREP\ReadMe.html 9804 bytes File Q:\HDDRecovery\ODDFiles\HTMPREP\TOSHIBA.jpg 6751 bytes File Q:\HDDRecovery\ODDFiles\sources 0 bytes File Q:\HDDRecovery\ODDFiles\sources\boot.wim 118958836 bytes File Q:\HDDRecovery\ODDFiles\Tools 0 bytes File Q:\HDDRecovery\ODDFiles\Tools\crtdll.dll 149019 bytes executable File Q:\HDDRecovery\ODDFiles\Tools\imagex.exe 481680 bytes executable File Q:\HDDRecovery\ODDFiles\Tools\Version.txt 26 bytes File Q:\HDDRecovery\ODDFiles\Tools\vRecoFastCRC.exe 217088 bytes executable File Q:\HDDRecovery\ODDFiles\Tools\XcludeCRC.ini 661 bytes File Q:\HDDRecovery\ODDFiles\Tools\zlibwapi.dll 72704 bytes executable File Q:\HDDRecovery\OriSetenv 0 bytes File Q:\HDDRecovery\OriSetenv\Setenv.ini 4250 bytes File Q:\HDDRecovery\ReadMe.html 9804 bytes File Q:\HDDRecovery\SWImg 0 bytes File Q:\HDDRecovery\SWImg\12344XR1.crc 4814 bytes File Q:\HDDRecovery\SWImg\12344XSP.swm 943694294 bytes File Q:\HDDRecovery\SWImg\12344XSP2.swm 939890616 bytes File Q:\HDDRecovery\SWImg\12344XSP3.swm 662752018 bytes File Q:\HDDRecovery\SWImg\12344XSP4.swm 885374214 bytes File Q:\HDDRecovery\SWImg\12344XSP5.swm 943507560 bytes File Q:\HDDRecovery\SWImg\12344XSP6.swm 941526050 bytes File Q:\HDDRecovery\SWImg\12344XSP7.swm 293682013 bytes File Q:\HDDRecovery\SWImg\12344XV1.crc 14650968 bytes File Q:\HDDRecovery\TOSHIBA.jpg 6751 bytes File Q:\System Volume Information 0 bytes File Q:\System Volume Information\Chkdsk 0 bytes File Q:\System Volume Information\Chkdsk\Chkdsk20110313152614.log 3072 bytes File Q:\System Volume Information\tracking.log 20480 bytes File Q:\System Volume Information\{0e3a90e0-009c-11e0-9565-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 61849600 bytes File Q:\System Volume Information\{2da53591-4285-11e0-a0c7-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 1174405120 bytes File Q:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 65536 bytes File Q:\System Volume Information\{3e167af2-219f-11e0-a5c2-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 5996544 bytes File Q:\System Volume Information\{d524b85e-f5f8-11df-93e6-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 1591263232 bytes File Q:\System Volume Information\{e0d36913-1247-11e0-8558-88ae1de68b06}{3808876b-c176-4e48-b7ae-04046e6cc752} 92553216 bytes ---- EOF - GMER 1.0.15 ---- [/log] [log]GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-27 17:30:47 Windows 6.1.7601 Service Pack 1 Running: rhv8ew8d.exe; Driver: C:\Users\GregoR\AppData\Local\Temp\kwlorfow.sys ---- Services - GMER 1.0.15 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET CLR Networking 4.0.0.0 Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service C:\Windows\system32\drivers\1394ohci.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] 1394ohci Service C:\Program Files\ArcaBit\Common\ArcaConfSV.exe (ArcaBit Config Service/ArcaBit) [AUTO] ABConfSV Service C:\??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [MANUAL] ABFLT Service C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe (ArcaBit Main Service/ArcaBit) [AUTO] ABMainSV Service C:\??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [SYSTEM] ABTDI Service C:\Windows\system32\drivers\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI Service C:\Windows\system32\drivers\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi Service C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx Service C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci Service C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [MANUAL] adpu320 Service adsi Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AeLookupSvc Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service C:\Windows\system32\drivers\agp440.sys (Filtr AGP 440 NT/Microsoft Corporation) [MANUAL] agp440 Service C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [MANUAL] aic78xx Service C:\Windows\System32\alg.exe (Usługa bramy warstwy aplikacji/Microsoft Corporation) [MANUAL] ALG Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide Service C:\Windows\system32\drivers\amdagp.sys (Filtr AGP AMD NT/Microsoft Corporation) [MANUAL] amdagp Service C:\Windows\system32\drivers\amdide.sys (Sterownik AMD IDE/Microsoft Corporation) [MANUAL] amdide Service C:\Windows\system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8 Service C:\Windows\system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM Service C:\Windows\system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata Service C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows family/AMD Technologies Inc.) [MANUAL] amdsbs Service C:\Windows\system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata Service C:\Windows\system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AppIDSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Appinfo Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) AppMgmt Service C:\Windows\system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc Service C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [AUTO] ArcaRemoteService Service C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas Service Aspi32 Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi Service C:\Windows\system32\DRIVERS\athr.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] athr Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] AudioEndpointBuilder Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Audiosrv Service C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe (Backup Module/ArcaBit) [AUTO] AVBackup Service C:\Program Files\ArcaBit\Common\ArcaTasksService.exe (Tasks2 Module/ArcaBit) [AUTO] AVTasks2 Service C:\Program Files\ArcaBit\ArcaUpdate\update.exe (Update Module/ArcaBit) [AUTO] AVUpdate Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] AxInstSV Service C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv Service C:\Windows\system32\DRIVERS\b57nd60x.sys (Ujednolicony sterownik karty Broadcom NetXtreme Gigabit Ethernet NDIS6.x./Broadcom Corporation) [MANUAL] b57nd60x Service (Battery Class Driver/Microsoft Corporation) BattC Service C:\Program Files\Microsoft\BingBar\BBSvc.EXE (BingBar Service/Microsoft Corporation.) [MANUAL] BBSvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] BDESVC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] BFE Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] BITS Service C:\Windows\system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser Service C:\Windows\system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo Service C:\Windows\system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Browser Service C:\Windows\System32\Drivers\Brserid.sys (Sterownik szeregowy I/F (WDM) firmy Brother/Brother Industries Ltd.) [MANUAL] Brserid Service C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm Service C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm Service C:\Windows\System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer Service C:\Windows\system32\DRIVERS\BthEnum.sys (Przedłużenie magistrali Bluetooth/Microsoft Corporation) [MANUAL] BthEnum Service C:\Windows\system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM Service C:\Windows\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan Service C:\Windows\System32\Drivers\BTHport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) [MANUAL] BTHPORT Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] bthserv Service C:\Windows\System32\Drivers\BTHUSB.sys (Sterownik miniportu Bluetooth/Microsoft Corporation) [MANUAL] BTHUSB Service C:\Users\GregoR\AppData\Local\Temp\catchme.sys [MANUAL] catchme Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] CertPropSvc Service C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] cfWiMAXService Service C:\Windows\system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32 Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32 Service C:\Windows\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide Service C:\Windows\System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt Service C:\Windows\system32\drivers\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (ConfigFree Service Process/TOSHIBA CORPORATION) [AUTO] ConfigFree Service Service C:\Users\GregoR\AppData\Local\Temp\cpuz.sys [MANUAL] cpuz Service C:\??\C:\Windows\system32\drivers\cpuz134_x32.sys [AUTO] cpuz134 Service C:\Windows\system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk Service crypt32 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] CryptSvc Service C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Office Client Virtualization Service /Microsoft Corporation) [AUTO] cvhsvc Service DCLocator Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] DcomLaunch Service C:\ProgramData\DatacardService\DCService.exe [AUTO] DCService.exe Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] defragsvc Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dhcp Service C:\Windows\System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache Service C:\Windows\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Dnscache Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] dot3svc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] DPS Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl Service C:\Windows\System32\Drivers\e4ldr.sys (USB Firmware loader/Analog Deivces) [AUTO] E4LOADER Service C:\Windows\system32\DRIVERS\e4usbaw.sys (ADSL USB Driver/Analog Devices Inc.) [MANUAL] e4usbaw Service C:\Windows\system32\drivers\EagleNT.sys [MANUAL] EagleNT Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] EapHost Service C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS Service C:\Windows\system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor Service C:\Windows\system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev Service ESENT Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] eventlog Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] EventSystem Service (USB NDIS Miniport Driver/Huawei Technologies Co., Ltd.) ewusbnet Service (USB Modem/Serial Device Driver/Huawei Technologies Co., Ltd.) ew_hwusbdev Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] fdPHost Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] FDResPub Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk Service C:\Windows\system32\drivers\fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) [BOOT] FltMgr Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] FontCache Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0 Service C:\Windows\System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends Service C:\Windows\system32\DRIVERS\fssfltr.sys (Family Safety Filter Driver (WFP Callout)/Microsoft Corporation) [MANUAL] fssfltr Service C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation) [MANUAL] fsssvc Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec Service C:\Windows\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol Service C:\Windows\system32\DRIVERS\gagp30kx.sys (Filtr uniwersalny AGPv3.0 firmy Microsoft dla platform procesora K8/9/Microsoft Corporation) [MANUAL] gagp30kx Service C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] gpsvc Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc Service C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService Service C:\Windows\system32\drivers\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus Service C:\Windows\system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt Service C:\Windows\system32\DRIVERS\hidbth.sys (Sterownik Bluetooth Miniport dla urządzeń HID/Microsoft Corporation) [MANUAL] HidBth Service C:\Windows\system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hidserv Service C:\Windows\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] hkmsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupListener Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] HomeGroupProvider Service C:\Windows\system32\drivers\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD Service C:\Windows\system32\drivers\HTTP.sys (Stos protokołu HTTP/Microsoft Corporation) [MANUAL] HTTP Service C:\Windows\system32\DRIVERS\ew_jucdcacm.sys (ew_jucdcacm Driver/Huawei Technologies Co., Ltd.) [MANUAL] huawei_cdcacm Service C:\Windows\system32\DRIVERS\ew_jubusenum.sys (ew_jubusenum Driver/Huawei Technologies Co., Ltd.) [MANUAL] huawei_enumerator Service hwcdcmdm0 Service C:\Windows\system32\DRIVERS\ewusbmdm.sys (USB Modem/Serial Device Driver/Huawei Technologies Co., Ltd.) [MANUAL] hwdatacard Service C:\Windows\System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy Service hwusbapp Service hwusbdev Service hwusbser Service C:\Windows\system32\drivers\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [MANUAL] i8042prt Service ialm Service C:\Windows\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [BOOT] iaStor Service C:\Windows\system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [MANUAL] iaStorV Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx Service C:\Windows\system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] IKEEXT Service inetaccs Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [MANUAL] intelide Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] IPBusEnum Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] iphlpsvc Service C:\Windows\system32\drivers\IPMIDrv.sys (STEROWNIK URZĄDZENIA INTERFEJSU IPMI W USŁUDZE WMI/Microsoft Corporation) [MANUAL] IPMIDRV Service C:\Windows\System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service C:\Windows\system32\drivers\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [MANUAL] isapnp Service C:\Windows\system32\drivers\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt Service C:\Windows\system32\drivers\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [MANUAL] kbdclass Service C:\Windows\system32\drivers\kbdhid.sys (Sterownik filtru klawiatury HID/Microsoft Corporation) [MANUAL] kbdhid Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service C:\Windows\System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] KtmRm Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanServer Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] LanmanWorkstation Service ldap Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] lltdsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] lmhosts Service C:\Windows\system32\DRIVERS\LPCFilter.sys (LPCFilter/COMPAL ELECTRONIC INC.) [BOOT] LPCFilter Service Lsa Service C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC Service C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS Service C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2 Service C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI Service C:\Windows\system32\drivers\luafv.sys (Sterownik filtru wirtualizacji plików LUA/Microsoft Corporation) [AUTO] luafv Service MAV Client PerfMon Provider Service C:\Windows\system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7 for x86/LSI Corporation) [MANUAL] megasas Service C:\Windows\system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MMCSS Service C:\Windows\system32\drivers\modem.sys (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor Service C:\Windows\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [MANUAL] mouclass Service C:\Windows\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid Service C:\Windows\System32\drivers\mountmgr.sys (Menedżer punktów instalacji/Microsoft Corporation) [BOOT] mountmgr Service C:\Windows\system32\drivers\mpio.sys (Sterownik magistrali obsługujący wiele ścieżek/Microsoft Corporation) [MANUAL] mpio Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] MpsSvc Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10 Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20 Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci Service C:\Windows\system32\drivers\msdsm.sys (Moduł specyficzny dla urządzeń firmy Microsoft/Microsoft Corporation) [MANUAL] msdsm Service C:\Windows\System32\msdtc.exe (Usługa Koordynator transakcji rozproszonych firmy Microsoft/Microsoft Corporation) [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service MSDTC Bridge 4.0.0.0 Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service C:\Windows\System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] MSiSCSI Service C:\Windows\system32\msiexec.exe (Instalator systemu Windows®/Microsoft Corporation) [MANUAL] msiserver Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC Service MSSCNTRS Service C:\Windows\system32\drivers\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service C:\Windows\system32\DRIVERS\MTConfig.sys (Sterownik urządzenia Microsoft Multi-Touch HID/Microsoft Corporation) [MANUAL] MTConfig Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] napagent Service C:\Windows\system32\DRIVERS\nwifi.sys (Sterownik NativeWiFi Miniport/Microsoft Corporation) [MANUAL] NativeWifiP Service C:\Windows\system32\drivers\ndis.sys (Sterownik NDIS 6.20/Microsoft Corporation) [BOOT] NDIS Service C:\Windows\system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\Windows\system32\DRIVERS\ndisuio.sys (Sterownik NDIS I/O trybu użytkownika/Microsoft Corporation) [MANUAL] Ndisuio Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero BackItUp/Nero AG) [AUTO] Nero BackItUp Scheduler 4.0 Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [DISABLED] Netlogon Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Netman Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] netprofm Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing Service C:\Windows\system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] NlaSvc Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] nsi Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy Service NTDS Service (Sterownik systemu plików NT/Microsoft Corporation) [MANUAL] Ntfs Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [MANUAL] nvraid Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor Service C:\Windows\system32\drivers\nv_agp.sys (Filtr magistrali AGP NForce NT/Microsoft Corporation) [MANUAL] nv_agp Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv Service C:\Windows\system32\drivers\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Office Software Protection Platform Service/Microsoft Corporation) [MANUAL] osppsvc Service Outlook Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2pimsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] p2psvc Service C:\Windows\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr Service C:\Windows\system32\DRIVERS\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] PcaSvc Service C:\Windows\system32\drivers\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] pci Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide Service C:\Windows\system32\DRIVERS\pcmcia.sys (Sterownik magistrali PCMCIA/Microsoft Corporation) [MANUAL] pcmcia Service C:\Windows\System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\Windows\system32\DRIVERS\pgeffect.sys (TOSHIBA Universal Camera Filter Driver/TOSHIBA Corporation) [MANUAL] PGEffect Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] pla Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] PlugPlay Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPAutoReg Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PNRPsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] PolicyAgent Service PortProxy Service C:\Windows\System32\Drivers\PortTalk.sys (PortTalk - Beyond Logic I/O Port Driver/Beyond Logic http://www.beyondlogic.org) [MANUAL] PortTalk Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Power Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\Windows\system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ProfSvc Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage Service C:\Windows\system32\DRIVERS\pacer.sys (Harmonogram pakietów QoS/Microsoft Corporation) [SYSTEM] Psched Service C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300 Service C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] QWAVE Service C:\Windows\system32\drivers\qwavedrv.sys (Sterownik obsługi usługi Quality Windows Audio/Video Experience (qWave)/Microsoft Corporation) [MANUAL] QWAVEdrv Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd Service C:\Windows\system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasAuto Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] RasMan Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp Service C:\Windows\system32\DRIVERS\rdbss.sys (Sterownik podsystemu buforowania przekierowanego dysku/Microsoft Corporation) [SYSTEM] rdbss Service C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD Service RDPNP Service C:\Windows\system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP Service (Sterownik stosu terminalu RDP/Microsoft Corporation) [MANUAL] RDPWD Service C:\Windows\System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] RemoteRegistry Service C:\Windows\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcEptMapper Service C:\Windows\system32\locator.exe (Lokalizator RPC/Microsoft Corporation) [MANUAL] RpcLocator Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] RpcSs Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr Service C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR Service C:\Windows\system32\DRIVERS\Rt86win7.sys (Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver /Realtek ) [MANUAL] RTL8167 Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs Service C:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [SYSTEM] SASDIFSV Service C:\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [SYSTEM] SASKUTIL Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SCardSvr Service C:\Windows\System32\DRIVERS\scfilter.sys (Sterownik filtru czytnika karty inteligentnej Microsoft/Microsoft Corporation) [MANUAL] scfilter Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Schedule Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SCPolicySvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SDRSVC Service C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft SeaPort Search Enhancement Broker/Microsoft Corporation) [MANUAL] SeaPort Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] seclogon Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SENS Service C:\Windows\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum Service C:\Windows\system32\DRIVERS\serial.sys (Sterownik szeregowy I/F (WDM) firmy Brother/Brother Industries Ltd.) [MANUAL] Serial Service C:\Windows\system32\DRIVERS\sermouse.sys (Sterownik filtru myszy szeregowej/Microsoft Corporation) [MANUAL] sermouse Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SessionEnv Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd Service C:\Windows\system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy Service C:\Windows\system32\DRIVERS\Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation) [MANUAL] Sftfs Service C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Application Virtualization Client Service/Microsoft Corporation) [AUTO] sftlist Service C:\Windows\system32\DRIVERS\Sftplaylh.sys (Microsoft Application Virtualization SystemGuard/Microsoft Corporation) [MANUAL] Sftplay Service C:\Windows\system32\DRIVERS\Sftredirlh.sys (Microsoft Application Virtualization SystemGuard/Microsoft Corporation) [MANUAL] Sftredir Service C:\Windows\system32\DRIVERS\Sftvollh.sys (Microsoft Application Virtualization Volume Manager/Microsoft Corporation) [MANUAL] Sftvol Service C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Application Virtualization Virtual Service Agent/Microsoft Corporation) [MANUAL] sftvsa Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SharedAccess Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] ShellHWDetection Service C:\Windows\system32\drivers\sisagp.sys (Filtr magistrali AGP SIS NT/Microsoft Corporation) [MANUAL] sisagp Service C:\Windows\system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2 Service C:\Windows\system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4 Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb Service SMSvcHost 3.0.0.0 Service SMSvcHost 4.0.0.0 Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [DISABLED] SNMPTRAP Service (loader for security processor/Microsoft Corporation) [BOOT] spldr Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\Windows\system32\sppsvc.exe (Usługa platformy ochrony oprogramowania firmy Microsoft/Microsoft Corporation) [AUTO] sppsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] sppuinotify Service C:\Windows\System32\Drivers\sptd.sys [BOOT] sptd Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2 Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] SSDPSRV Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] SstpSvc Service [SYSTEM] StarOpen Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/StarWind Software) [AUTO] StarWindServiceAE Service C:\Program [MANUAL] Steam Client Service Service C:\Windows\system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] StiSvc Service C:\Windows\system32\drivers\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (SwitchBoard Server (32 bit)/Adobe Systems Incorporated) [MANUAL] SwitchBoard Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] swprv Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] SysMain Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TabletInputService Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TapiSrv Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TBS Service C:\Windows\System32\drivers\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [BOOT] Tcpip Service C:\Windows\system32\DRIVERS\tcpip.sys (Sterownik TCP/IP/Microsoft Corporation) [MANUAL] TCPIP6 Service TCPIP6TUNNEL Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg Service TCPIPTUNNEL Service C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA ODD Writing Driver for x86./TOSHIBA Corporation.) [MANUAL] tdcmdpst Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx Service C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba TEMPRO/Toshiba Europe GmbH) [AUTO] TemproMonitoringService Service C:\Windows\system32\drivers\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TermService Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Themes Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] THREADORDER Service C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TSS TMachInfo Service/TOSHIBA Corporation) [MANUAL] TMachInfo Service C:\Windows\system32\TODDSrv.exe (TDCSrv Application/TOSHIBA Corporation) [AUTO] TODDSrv Service C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Power Saver/TOSHIBA Corporation) [AUTO] TosCoSrv Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TosSmartSrv.exe/TOSHIBA Corporation) [MANUAL] TOSHIBA HDD SSD Alert Service Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] TrkWks Service C:\Windows\servicing\TrustedInstaller.exe (Instalator modułów systemu Windows/Microsoft Corporation) [MANUAL] TrustedInstaller Service TSDDD Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv Service C:\Windows\system32\drivers\tsusbflt.sys (Sterownik filtru koncentratora USB dla usług pulpitu zdalnego/Microsoft Corporation) [MANUAL] TsUsbFlt Service C:\Windows\system32\DRIVERS\tunnel.sys (Sterownik interfejsu tunelu firmy Microsoft/Microsoft Corporation) [MANUAL] tunnel Service C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver/TOSHIBA Corporation) [BOOT] TVALZ Service C:\Windows\system32\DRIVERS\uagp35.sys (Filtr AGPv3.5 firmy Microsoft/Microsoft Corporation) [MANUAL] uagp35 Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs Service UGatherer Service UGTHRSVC Service C:\Windows\system32\UI0Detect.exe (Wykrywanie usług interakcyjnych/Microsoft Corporation) [MANUAL] UI0Detect Service C:\Windows\system32\drivers\uliagpkx.sys (Filtr ULi AGPv3.0 dla platform procesora K8/9/Microsoft Corporation) [MANUAL] uliagpkx Service C:\Windows\system32\drivers\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus Service C:\Windows\system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] upnphost Service C:\Windows\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir Service C:\Windows\system32\drivers\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\Windows\system32\drivers\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci Service C:\Windows\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] UxSms Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc Service C:\Windows\system32\drivers\vdrvroot.sys (Główny moduł wyliczający dysku wirtualnego/Microsoft Corporation) [BOOT] vdrvroot Service C:\Windows\System32\vds.exe (Usługa dysków wirtualnych/Microsoft Corporation) [MANUAL] vds Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service C:\Windows\system32\drivers\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp Service C:\Windows\system32\drivers\viaagp.sys (Filtr magistrali AGP VIA NT/Microsoft Corporation) [MANUAL] viaagp Service C:\Windows\system32\DRIVERS\viac7.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] ViaC7 Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr Service C:\Windows\System32\drivers\volmgrx.sys (Sterownik rozszerzenia menedżera woluminów/Microsoft Corporation) [BOOT] volmgrx Service C:\Windows\system32\drivers\volsnap.sys (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] volsnap Service C:\Windows\system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid Service C:\Windows\system32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS Service C:\Windows\system32\DRIVERS\vwifibus.sys (Sterownik wirtualnej magistrali WiFi/Microsoft Corporation) [MANUAL] vwifibus Service C:\Windows\system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] W32Time Service W3SVC Service C:\Windows\system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6 Service C:\Windows\system32\wbengine.exe (Plik EXE usługi Aparat kopii zapasowej na poziomie bloku firmy Microsoft®/Microsoft Corporation) [MANUAL] wbengine Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WbioSrvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wcncsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WcsPlugInService Service C:\Windows\system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd Service C:\Windows\system32\drivers\Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) [BOOT] Wdf01000 Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiServiceHost Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WdiSystemHost Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WebClient Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] Wecsvc Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] wercplsupport Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WerSvc Service C:\Windows\system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] WinDefend Service Windows Workflow Foundation 3.0.0.0 Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Winmgmt Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WinRM Service [MANUAL] Winsock Service WinSock2 Service C:\Windows\system32\DRIVERS\WinUsb.sys (Windows USB Class Driver BETA/Microsoft Corporation) [MANUAL] WinUsb Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] Wlansvc Service C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Windows Live Mesh Remote Desktop Service/Microsoft Corporation) [DISABLED] wlcrasvc Service C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft® Windows Live ID Service/Microsoft Corp.) [AUTO] wlidsvc Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi Service WmiApRpl Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [MANUAL] WMPNetworkSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WPCSvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [DISABLED] WPDBusEnum Service C:\Windows\system32\drivers\ws2ifsl.sys (Warstwa Winsock2 IFS/Microsoft Corporation) [DISABLED] ws2ifsl Service C:\Windows\System32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wscsvc Service C:\Windows\system32\SearchIndexer.exe (Indeksator programu Microsoft Windows Search/Microsoft Corporation) [DISABLED] WSearch Service WSearchIdxPi Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wuauserv Service C:\Windows\system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [AUTO] wudfsvc Service C:\Windows\system32\svchost.exe (Proces hosta dla usług systemu Windows/Microsoft Corporation) [MANUAL] WwanSvc Service xmlprov Service {1C09ED2E-BEB6-42ED-8CEF-35FB574A56F9} Service {421437D5-0F6E-4F66-8991-6361227C2BBE} Service {AB79FB7B-1B28-4E86-A144-705D74736022} Service {B78514DA-6175-4B4D-81A0-2F205D2BB38D} Service {E9A9F061-1CE0-4873-B831-38EC778A3245} ---- EOF - GMER 1.0.15 ---- [/log]
wirusolog komentarz 27 czerwca 2011 komentarz 27 czerwca 2011 Daj komplet logów: [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL i RSIT[/url][/b][/color][/u] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/url][/b][/color][/u].
grzalu123 komentarz 27 czerwca 2011 Autor komentarz 27 czerwca 2011 Komplet logów o które prosiłeś został dodany.
wirusolog komentarz 27 czerwca 2011 komentarz 27 czerwca 2011 [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL MsConfig - StartUpReg: TosNC - hkey= - key= - File not found MsConfig - StartUpReg: TosReelTimeMonitor - hkey= - key= - File not found :Files C:\Users\GregoR\AppData\Local\Temp*.html :Commands [emptyflash] [emptytemp][/code] Kliknij w [b]Wykonaj skrypt[/b]. Zatwierdź restart komputera. [b]2.[/b] W panelu sterowania ([b]dodaj lub usuń programy[/b]) odinstaluj śmietki: [b]Softonic-Polska / Conduit Ltd. , ConduitEngine[/b] [b]3.[/b] Ściągnij [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/url][/b][/color][/u] i wciśnij w nim [b]Clean[/b] Pokaż raport z tego narzędzia. [b]4.[/b] Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję [b]Skanuj[/b]. Pokazujesz nowe logi z OTL + raport z usuwania. 1
grzalu123 komentarz 27 czerwca 2011 Autor komentarz 27 czerwca 2011 (edytowane) Wykonałem wszystko to co kazałeś oto nowe logi: [log]======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:51:04 on 27/06/2011, Normal boot Microsoft Windows 7 Starter Service Pack 1 (X86) GregoR@GREGOR-TOSHIBA (TOSHIBA TOSHIBA NB250) ============== ACTION(S) ============== Folder deleted: C:\Program Files\Conduit Folder deleted: C:\Program Files\ConduitEngine Folder deleted: C:\Users\GregoR\AppData\LocalLow\PriceGong (!) -- Temporary files deleted. Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\Toolbar.CT2530240 Key deleted: HKLM\Software\Conduit Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\AppDataLow\Software\PriceGong Key deleted: HKCU\Software\AppDataLow\Software\Toolbar Key deleted: HKLM\Software\GMABooster\OpenCandy Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0 (pl)] **** Plugins\npBitCometAgent.dll (BitComet) Plugins\npwachk.dll (Nullsoft, Inc.) Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) Extensions\arcabit@www.arcabit.pl (ArcaBit Ext.) -- C:\Users\GregoR\AppData\Roaming\Mozilla\FireFox\Profiles\9tb51cpr.default -- Prefs.js - browser.download.lastDir, C:\\Users\\GregoR\\Desktop Prefs.js - browser.startup.homepage, google.pl Prefs.js - browser.startup.homepage_override.buildID, 20110615151330 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0 ======================================== **** Google Chrome Version [12.0.742.100] **** -- C:\Users\GregoR\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.google.pl/ Preferences - homepage_is_newtabpage: true Plugin - BitCometAgent (Enabled: true) (C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npBitCometAgent.dll) Plugin - Windows Live\u0099 Photo Gallery (Enabled: true) (C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll) Plugin - "Windows Live\u0099 Photo Gallery" (Enabled: true) Plugin - "BitCometAgent" (Enabled: true) Plugin - "Winamp Application Detector" (Enabled: true) ======================================== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} (x) HKCU_SearchScopes\{3E257421-DAF6-475A-806F-E2E1F6168614} - "Amazon" (hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-w...) HKCU_SearchScopes\{3FDA090A-A8F2-469A-8E8B-07001D306484} - "eBay" (hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}) HKCU_SearchScopes\{7D9D9E73-66B3-4309-836E-554B17C971A7} - "?" (?) HKCU_Toolbar\WebBrowser|{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} (x) HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.) HKLM_Extensions\{40525A66-DB98-480D-BCF9-7AF88C1AF438} - "ArcaVir >>" (C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll,203) HKLM_Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - "BitComet" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll,203) BHO\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - "BitComet Helper" (C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll) BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files\Microsoft\BingBar\BingExt.dll") (x) ======================================== C:\Program Files\Ad-Remover\Quarantine: 31 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 27/06/2011 20:51:12 (5553 Byte(s)) End at: 20:53:36, 27/06/2011 ============== E.O.F ============== [/log] [log]All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TosNC\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TosReelTimeMonitor\ deleted successfully. ========== FILES ========== C:\Users\GregoR\AppData\Local\TempaD4636.html moved successfully. C:\Users\GregoR\AppData\Local\TempAqA984.html moved successfully. C:\Users\GregoR\AppData\Local\TempBB4284.html moved successfully. C:\Users\GregoR\AppData\Local\TempBd1108.html moved successfully. C:\Users\GregoR\AppData\Local\TempBV5452.html moved successfully. C:\Users\GregoR\AppData\Local\TempBx5864.html moved successfully. C:\Users\GregoR\AppData\Local\TempcM5452.html moved successfully. C:\Users\GregoR\AppData\Local\TempcO4772.html moved successfully. C:\Users\GregoR\AppData\Local\TempCt4684.html moved successfully. C:\Users\GregoR\AppData\Local\TempCW2944.html moved successfully. C:\Users\GregoR\AppData\Local\TempcY6028.html moved successfully. C:\Users\GregoR\AppData\Local\TempCzw512.html moved successfully. C:\Users\GregoR\AppData\Local\TempDE2640.html moved successfully. C:\Users\GregoR\AppData\Local\TempDs4636.html moved successfully. C:\Users\GregoR\AppData\Local\TempdT2924.html moved successfully. C:\Users\GregoR\AppData\Local\TempDTI700.html moved successfully. C:\Users\GregoR\AppData\Local\TempDV4352.html moved successfully. C:\Users\GregoR\AppData\Local\TempDW3688.html moved successfully. C:\Users\GregoR\AppData\Local\TempEB5864.html moved successfully. C:\Users\GregoR\AppData\Local\Temped3324.html moved successfully. C:\Users\GregoR\AppData\Local\Tempee4736.html moved successfully. C:\Users\GregoR\AppData\Local\Tempei4560.html moved successfully. C:\Users\GregoR\AppData\Local\Tempel1632.html moved successfully. C:\Users\GregoR\AppData\Local\TempFD2736.html moved successfully. C:\Users\GregoR\AppData\Local\Tempfe6036.html moved successfully. C:\Users\GregoR\AppData\Local\TempFi4648.html moved successfully. C:\Users\GregoR\AppData\Local\TempFK4932.html moved successfully. C:\Users\GregoR\AppData\Local\TempFL4788.html moved successfully. C:\Users\GregoR\AppData\Local\TempFO4352.html moved successfully. C:\Users\GregoR\AppData\Local\Tempfo4784.html moved successfully. C:\Users\GregoR\AppData\Local\Tempgg1544.html moved successfully. C:\Users\GregoR\AppData\Local\Tempgi1336.html moved successfully. C:\Users\GregoR\AppData\Local\TempGI5892.html moved successfully. C:\Users\GregoR\AppData\Local\TempGM1136.html moved successfully. C:\Users\GregoR\AppData\Local\TempGn3404.html moved successfully. C:\Users\GregoR\AppData\Local\TempGRw892.html moved successfully. C:\Users\GregoR\AppData\Local\TempgS5552.html moved successfully. C:\Users\GregoR\AppData\Local\TempGy2576.html moved successfully. C:\Users\GregoR\AppData\Local\TemphC3204.html moved successfully. C:\Users\GregoR\AppData\Local\TemphO2852.html moved successfully. C:\Users\GregoR\AppData\Local\TempHY1632.html moved successfully. C:\Users\GregoR\AppData\Local\Tempia1108.html moved successfully. C:\Users\GregoR\AppData\Local\Tempin3264.html moved successfully. C:\Users\GregoR\AppData\Local\TempIO1984.html moved successfully. C:\Users\GregoR\AppData\Local\TempIoh504.html moved successfully. C:\Users\GregoR\AppData\Local\TempiZ3028.html moved successfully. C:\Users\GregoR\AppData\Local\Tempjc1584.html moved successfully. C:\Users\GregoR\AppData\Local\TempJD3416.html moved successfully. C:\Users\GregoR\AppData\Local\TempjM6084.html moved successfully. C:\Users\GregoR\AppData\Local\Tempjn3588.html moved successfully. C:\Users\GregoR\AppData\Local\TempkR5540.html moved successfully. C:\Users\GregoR\AppData\Local\TempLA5904.html moved successfully. C:\Users\GregoR\AppData\Local\Templl5132.html moved successfully. C:\Users\GregoR\AppData\Local\TemplY1012.html moved successfully. C:\Users\GregoR\AppData\Local\TempMl4560.html moved successfully. C:\Users\GregoR\AppData\Local\TempMr1752.html moved successfully. C:\Users\GregoR\AppData\Local\Tempnc3688.html moved successfully. C:\Users\GregoR\AppData\Local\TempNE5904.html moved successfully. C:\Users\GregoR\AppData\Local\Tempnf2576.html moved successfully. C:\Users\GregoR\AppData\Local\TempNt1308.html moved successfully. C:\Users\GregoR\AppData\Local\Tempoj5152.html moved successfully. C:\Users\GregoR\AppData\Local\TempOo1632.html moved successfully. C:\Users\GregoR\AppData\Local\TempoV5152.html moved successfully. C:\Users\GregoR\AppData\Local\TempoY1424.html moved successfully. C:\Users\GregoR\AppData\Local\TempOY4020.html moved successfully. C:\Users\GregoR\AppData\Local\TempPI5552.html moved successfully. C:\Users\GregoR\AppData\Local\TempPl1544.html moved successfully. C:\Users\GregoR\AppData\Local\Temppq3748.html moved successfully. C:\Users\GregoR\AppData\Local\Temppw1112.html moved successfully. C:\Users\GregoR\AppData\Local\TempQA3696.html moved successfully. C:\Users\GregoR\AppData\Local\TempQd4920.html moved successfully. C:\Users\GregoR\AppData\Local\TemprH2388.html moved successfully. C:\Users\GregoR\AppData\Local\Temprk4176.html moved successfully. C:\Users\GregoR\AppData\Local\Temprk5132.html moved successfully. C:\Users\GregoR\AppData\Local\TempRL3096.html moved successfully. C:\Users\GregoR\AppData\Local\TempRV4552.html moved successfully. C:\Users\GregoR\AppData\Local\TemprX4548.html moved successfully. C:\Users\GregoR\AppData\Local\TempRZ3696.html moved successfully. C:\Users\GregoR\AppData\Local\TempSe3028.html moved successfully. C:\Users\GregoR\AppData\Local\Tempsf3096.html moved successfully. C:\Users\GregoR\AppData\Local\TempsK3404.html moved successfully. C:\Users\GregoR\AppData\Local\Tempsk6024.html moved successfully. C:\Users\GregoR\AppData\Local\TempSS6084.html moved successfully. C:\Users\GregoR\AppData\Local\TempTH1584.html moved successfully. C:\Users\GregoR\AppData\Local\TempTq1044.html moved successfully. C:\Users\GregoR\AppData\Local\TempuA3784.html moved successfully. C:\Users\GregoR\AppData\Local\TempuC1728.html moved successfully. C:\Users\GregoR\AppData\Local\TempUG1012.html moved successfully. C:\Users\GregoR\AppData\Local\TempUM3924.html moved successfully. C:\Users\GregoR\AppData\Local\TempuU2388.html moved successfully. C:\Users\GregoR\AppData\Local\Tempvc1424.html moved successfully. C:\Users\GregoR\AppData\Local\TempVP4648.html moved successfully. C:\Users\GregoR\AppData\Local\TempWa1652.html moved successfully. C:\Users\GregoR\AppData\Local\Tempwa4944.html moved successfully. C:\Users\GregoR\AppData\Local\TempWm3784.html moved successfully. C:\Users\GregoR\AppData\Local\TempWo1044.html moved successfully. C:\Users\GregoR\AppData\Local\Tempwr3924.html moved successfully. C:\Users\GregoR\AppData\Local\TempWW4280.html moved successfully. C:\Users\GregoR\AppData\Local\TempxN4028.html moved successfully. C:\Users\GregoR\AppData\Local\TempxO3896.html moved successfully. C:\Users\GregoR\AppData\Local\TempxY3264.html moved successfully. C:\Users\GregoR\AppData\Local\TempxZ1136.html moved successfully. C:\Users\GregoR\AppData\Local\Tempyp1640.html moved successfully. C:\Users\GregoR\AppData\Local\TempYp2680.html moved successfully. C:\Users\GregoR\AppData\Local\Tempyt4552.html moved successfully. C:\Users\GregoR\AppData\Local\TempzG1640.html moved successfully. C:\Users\GregoR\AppData\Local\TempZH2944.html moved successfully. C:\Users\GregoR\AppData\Local\TempZU5408.html moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default ->Flash cache emptied: 41620 bytes User: Default User ->Flash cache emptied: 0 bytes User: GregoR ->Flash cache emptied: 834 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: GregoR ->Temp folder emptied: 7768 bytes ->Temporary Internet Files folder emptied: 475270 bytes ->Java cache emptied: 1443254 bytes ->FireFox cache emptied: 66477656 bytes ->Google Chrome cache emptied: 594288 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 840 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 66,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06272011_204256 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log] [log]OTL logfile created on: 2011-06-27 21:14:49 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,72% Memory free 3,99 Gb Paging File | 2,98 Gb Available in Paging File | 74,82% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 5,54 Gb Free Space | 7,44% Space Free | Partition Type: NTFS Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe PRC - [2011-06-26 21:36:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-06-16 22:23:05 | 000,494,160 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe PRC - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe PRC - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe PRC - [2011-05-25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe PRC - [2011-04-27 20:29:10 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\blueconnect\DataCardMonitor.exe PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe PRC - [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2010-11-20 14:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-11-20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2010-11-20 14:17:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe PRC - [2010-10-24 20:20:18 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2010-10-24 20:20:18 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2010-10-24 20:20:16 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2010-10-24 20:20:16 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2010-10-24 20:20:16 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe PRC - [2010-09-21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010-09-21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe PRC - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010-04-13 17:25:00 | 008,555,040 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010-04-13 17:24:58 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010-03-25 13:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2010-03-10 18:49:06 | 000,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2010-03-10 18:49:04 | 001,697,064 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2010-02-28 03:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2010-02-22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe PRC - [2010-02-05 17:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe PRC - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe PRC - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009-12-31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\GregoR\AppData\Roaming\blueconnect\ouc.exe PRC - [2009-12-25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2009-11-05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2009-08-13 12:31:24 | 000,521,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe PRC - [2009-07-28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2009-07-14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-07-14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-07-14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008-10-25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-06-27 16:10:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\GregoR\Downloads\OTL.exe MOD - [2011-02-25 07:34:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010-11-20 14:24:36 | 001,288,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2010-11-20 14:21:36 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2010-11-20 14:21:34 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2010-11-20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010-11-20 14:21:33 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2010-11-20 14:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010-11-20 14:21:24 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2010-11-20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010-11-20 14:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2010-11-20 14:21:15 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2010-11-20 14:21:14 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2010-11-20 14:21:07 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2010-11-20 14:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010-11-20 14:21:03 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2010-11-20 14:20:57 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2010-11-20 14:20:49 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2010-11-20 14:20:49 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2010-11-20 14:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010-11-20 14:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2010-11-20 14:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2010-11-20 14:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2010-11-20 14:19:05 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2010-11-20 14:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2010-11-20 14:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010-11-20 14:18:03 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2010-11-20 14:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2010-11-20 14:16:50 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009-07-14 03:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-07-14 03:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-06-15 12:36:12 | 000,535,120 | ---- | M] () [Auto | Running] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService) SRV - [2011-05-31 22:48:53 | 000,137,808 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaConfSV.exe -- (ABConfSV) SRV - [2011-05-04 17:43:00 | 000,150,992 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV) SRV - [2011-04-24 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011-03-29 20:27:22 | 000,186,960 | ---- | M] (ArcaBit) [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaTools\ArcaBackup\ArcaBackupService.exe -- (AVBackup) SRV - [2011-03-05 23:13:54 | 000,129,616 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2) SRV - [2011-02-28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011-02-25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010-12-03 14:47:10 | 000,117,328 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate) SRV - [2010-10-26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe) SRV - [2010-04-24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010-04-24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-02-05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010-01-28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService) SRV - [2010-01-15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-11-05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009-10-06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009-07-28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-03-10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-03-05 23:13:53 | 000,052,304 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT) DRV - [2011-02-13 00:10:25 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-10-26 14:04:30 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI) DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010-04-24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010-04-24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010-04-24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010-04-24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010-04-09 15:24:18 | 000,069,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2010-04-09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-03-25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-03-12 11:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009-11-06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-07-30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter) DRV - [2009-07-30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2009-07-14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009-06-22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect) DRV - [2009-01-18 18:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\porttalk.sys -- (PortTalk) DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "google.pl" FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-26 21:36:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-14 16:41:09 | 000,000,000 | ---D | M] [2011-03-22 23:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Extensions [2011-05-24 16:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GregoR\AppData\Roaming\mozilla\Firefox\Profiles\9tb51cpr.default\extensions [2011-04-25 13:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-04-24 22:32:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-04-25 13:21:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl File not found (No name found) -- () (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011-06-26 21:36:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-27 15:36:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^GregoR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeAAMUpdater-1.0[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: [b]NBAgent[/b] - hkey= - key= - c:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: [b]SUPERAntiSpyware[/b] - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Toshiba Registration[/b] - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) MsConfig - StartUpReg: [b]Toshiba TEMPRO[/b] - hkey= - key= - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) MsConfig - StartUpReg: [b]ToshibaServiceStation[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) MsConfig - StartUpReg: [b]TosVolRegulator[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) MsConfig - StartUpReg: [b]TWebCamera[/b] - hkey= - key= - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-06-27 20:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-06-27 20:42:56 | 000,000,000 | ---D | C] -- C:\_OTL [2011-06-27 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-06-27 16:36:20 | 000,000,000 | ---D | C] -- C:\rsit [2011-06-27 15:41:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-06-27 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\temp [2011-06-27 15:35:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-06-27 15:17:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-06-27 15:17:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-06-27 15:17:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-06-27 15:16:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-06-27 15:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-06-27 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\RGE [2011-06-27 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarterBackgroundChanger [2011-06-27 12:06:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\Apple Computer [2011-06-14 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple Computer [2011-06-14 16:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011-06-14 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011-06-14 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011-06-14 16:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011-06-14 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011-06-14 16:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011-06-14 16:39:54 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\Apple [2011-06-14 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011-06-14 16:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011-06-14 16:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-06-09 18:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-06-07 19:22:19 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{DAC5946F-369C-485B-A88B-4694B723F4DD} [2011-06-01 20:00:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Disco Polo [2011-06-01 20:00:07 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\muzyyka [2011-06-01 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\U3 [2011-05-31 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Arena Wysoka [2011-05-31 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Muza Od Rafała [2011-05-30 14:26:47 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\CyberLink [2011-05-30 14:25:45 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\CyberLink [2011-05-30 14:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011-05-30 14:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2011-05-30 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink [2011-05-26 15:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena [2011-05-26 15:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Quake III Arena [2011-05-26 14:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com [2011-05-26 14:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer [2011-05-23 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\blueconnect [2011-05-20 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\178 [2011-05-17 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{5FD28280-6D76-4821-AE2D-F1515299904D} [2011-05-17 14:52:52 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{3495CC1B-D975-45D7-B3E8-E2D141E75797} [2011-05-16 18:46:44 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Documents\Notesy programu OneNote [2011-05-16 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{4B0ED46E-60AF-44CC-9E70-0F3B7AE14376} [2011-05-13 15:10:01 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Local\{D95E359E-926A-4274-9350-293317FBEB5E} [2011-05-13 07:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [2011-05-13 07:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2011-05-12 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Energy_Mix_-_Volume_24_2011 [2011-05-10 22:40:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter [2011-05-10 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\NetMeter [2011-05-08 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software [2011-05-04 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\AIMP [2011-05-04 19:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2 [2011-05-04 19:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2011-05-04 17:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0 [2011-05-04 16:30:04 | 000,000,000 | ---D | C] -- C:\Users\GregoR\.thumbnails [2011-05-04 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011-05-04 16:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2011-05-04 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\GregoR\Desktop\Mp3 [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-06-27 21:21:06 | 003,670,016 | -HS- | M] () -- C:\Users\GregoR\NTUSER.DAT [2011-06-27 21:02:27 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 21:02:27 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 20:57:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000UA.job [2011-06-27 20:54:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-06-27 20:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-27 20:54:45 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys [2011-06-27 20:54:00 | 005,586,367 | -H-- | M] () -- C:\Users\GregoR\AppData\Local\IconCache.db [2011-06-27 20:51:02 | 000,001,804 | ---- | M] () -- C:\Users\GregoR\Desktop\AD-R.lnk [2011-06-27 15:36:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2011-06-27 15:36:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011-06-27 13:43:11 | 001,559,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-06-27 13:43:11 | 000,701,704 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-27 13:43:11 | 000,619,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-27 13:43:11 | 000,136,432 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-27 13:43:11 | 000,107,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-27 13:05:12 | 000,000,017 | ---- | M] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg [2011-06-27 12:13:14 | 000,013,812 | ---- | M] () -- C:\Windows\System32\results.xml [2011-06-25 22:57:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193016258-3817806477-758741741-1000Core.job [2011-06-14 16:43:45 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-06-14 16:40:49 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011-06-09 07:43:46 | 000,000,855 | ---- | M] () -- C:\Users\GregoR\.recently-used.xbel [2011-06-09 07:37:31 | 000,135,624 | ---- | M] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png [2011-06-05 13:19:53 | 000,000,048 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2011-05-31 08:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-05-30 14:26:44 | 000,000,000 | ---- | M] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList [2011-05-30 14:25:21 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\PowerDVD.lnk [2011-05-26 18:05:52 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI [2011-05-26 15:54:31 | 000,000,952 | ---- | M] () -- C:\Windows\QIII.INI [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-05-26 07:37:35 | 000,000,099 | ---- | M] () -- C:\Users\GregoR\Desktop\Bass-party.pls [2011-05-26 07:34:29 | 000,000,071 | ---- | M] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u [2011-05-25 14:59:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011-05-25 09:56:55 | 000,006,503 | ---- | M] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0 [2011-05-20 10:35:56 | 000,029,334 | ---- | M] () -- C:\Users\GregoR\Desktop\Sygna.jpg [2011-05-13 07:00:15 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2011-05-12 21:14:10 | 134,231,803 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3 [2011-05-12 21:12:30 | 127,388,193 | ---- | M] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3 [2011-05-12 21:09:42 | 074,673,508 | ---- | M] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3 [2011-05-04 20:39:12 | 000,111,224 | ---- | M] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT [2011-05-04 19:20:43 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-05-04 17:46:34 | 003,771,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-05-04 17:44:34 | 000,001,322 | ---- | M] () -- C:\Users\GregoR\Desktop\metin2.lnk [2011-05-04 16:02:24 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-27 20:51:02 | 000,001,804 | ---- | C] () -- C:\Users\GregoR\Desktop\AD-R.lnk [2011-06-27 15:17:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-06-27 15:17:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-06-27 15:17:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-06-27 15:17:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-06-27 15:17:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-06-27 13:05:12 | 000,000,017 | ---- | C] () -- C:\Users\GregoR\AppData\Local\resmon.resmoncfg [2011-06-14 16:43:45 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-06-14 16:40:49 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011-06-14 16:39:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011-06-09 07:43:46 | 000,000,855 | ---- | C] () -- C:\Users\GregoR\.recently-used.xbel [2011-06-09 07:37:22 | 000,135,624 | ---- | C] () -- C:\Users\GregoR\Desktop\2241_render_warrior.png [2011-06-05 13:19:53 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011-05-31 08:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011-05-30 14:26:44 | 000,000,000 | ---- | C] () -- C:\Users\GregoR\Documents\PDVD_MediaDisc.PlayList [2011-05-30 14:25:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\PowerDVD.lnk [2011-05-26 18:05:52 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2011-05-26 14:41:34 | 000,000,952 | ---- | C] () -- C:\Windows\QIII.INI [2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011-05-26 07:37:28 | 000,000,099 | ---- | C] () -- C:\Users\GregoR\Desktop\Bass-party.pls [2011-05-26 07:34:27 | 000,000,071 | ---- | C] () -- C:\Users\GregoR\Desktop\Jablon-Party.m3u [2011-05-25 14:59:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011-05-25 09:56:55 | 000,006,503 | ---- | C] () -- C:\Users\GregoR\Desktop\Super Mario Bros (PL).ss0 [2011-05-20 10:28:11 | 000,029,334 | ---- | C] () -- C:\Users\GregoR\Desktop\Sygna.jpg [2011-05-13 07:00:15 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2011-05-12 21:01:47 | 074,673,508 | ---- | C] () -- C:\Users\GregoR\Desktop\109 Energy 2000 - Green Light Party Pres. Dj Omen (29.01.2011).mp3 [2011-05-12 21:01:23 | 134,231,803 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Hot Sexy Mini Night Sala DANCE (26.02.2011).mp3 [2011-05-12 21:00:45 | 127,388,193 | ---- | C] () -- C:\Users\GregoR\Desktop\Energy 2000 - Kamikadze Party (30.04.2011) 20.01-22.30.mp3 [2011-05-04 19:20:39 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-05-04 17:44:34 | 000,001,322 | ---- | C] () -- C:\Users\GregoR\Desktop\metin2.lnk [2011-05-04 16:02:24 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011-02-27 19:38:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011-02-27 19:28:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011-02-24 13:23:43 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2011-02-17 08:46:01 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011-01-30 14:48:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011-01-30 14:48:00 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011-01-30 14:48:00 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2011-01-30 14:47:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-12-18 20:08:07 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010-12-04 12:35:23 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010-11-28 13:29:36 | 000,000,168 | ---- | C] () -- C:\Windows\adidsl.ini [2010-11-28 13:29:36 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini [2010-11-28 13:29:04 | 000,001,094 | ---- | C] () -- C:\Windows\adiras.ini [2010-11-28 13:29:03 | 000,253,008 | ---- | C] () -- C:\Windows\adirasx64.exe [2010-11-28 13:29:03 | 000,194,128 | ---- | C] () -- C:\Windows\adiras.exe [2010-11-28 13:29:00 | 000,127,456 | ---- | C] () -- C:\Windows\System32\IPDETECT.EXE [2010-11-28 13:28:51 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P2.BIN [2010-11-28 13:28:49 | 000,024,576 | ---- | C] () -- C:\Windows\enddisk32.exe [2010-11-28 13:28:45 | 000,046,892 | ---- | C] () -- C:\Windows\System32\ADADIX16.DLL [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I2.BIN [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I1.BIN [2010-11-28 13:28:38 | 000,152,220 | ---- | C] () -- C:\Windows\System32\drivers\L1E4I0.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P2.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P1.BIN [2010-11-28 13:28:38 | 000,152,132 | ---- | C] () -- C:\Windows\System32\drivers\L1E4P0.BIN [2010-11-28 13:28:38 | 000,152,036 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D2.BIN [2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D1.BIN [2010-11-28 13:28:38 | 000,152,034 | ---- | C] () -- C:\Windows\System32\drivers\L1E4D0.BIN [2010-11-28 13:28:37 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P0.BIN [2010-11-28 13:28:37 | 000,022,395 | ---- | C] () -- C:\Windows\System32\drivers\fpga.bin [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9P1.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I2.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I1.BIN [2010-11-28 13:28:36 | 000,152,126 | ---- | C] () -- C:\Windows\System32\drivers\L1E9I0.BIN [2010-11-20 16:21:33 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-11-20 16:21:33 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-11-20 14:09:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-11-20 13:51:38 | 005,586,367 | -H-- | C] () -- C:\Users\GregoR\AppData\Local\IconCache.db [2010-11-20 13:41:28 | 000,111,224 | ---- | C] () -- C:\Users\GregoR\AppData\Local\GDIPFONTCACHEV1.DAT [2010-09-25 20:07:48 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010-09-25 19:44:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2010-09-25 19:41:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010-09-25 19:34:49 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010-09-25 19:34:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010-05-20 14:11:01 | 001,559,892 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2009-07-14 10:07:57 | 000,701,704 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 10:07:57 | 000,136,432 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 003,771,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 000,619,356 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,107,418 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 04:04:23 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 04:04:23 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-13 23:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2009-07-13 23:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2009-07-13 23:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2009-07-13 23:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2009-07-13 23:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2009-07-13 23:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2009-07-13 23:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2009-07-13 23:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2009-07-13 23:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2009-07-13 23:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2009-07-13 23:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2009-07-13 23:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2009-07-13 23:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2009-07-13 23:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2009-07-13 23:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009-07-13 23:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009-07-13 23:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009-07-13 23:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009-07-13 23:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009-07-13 23:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2009-07-13 23:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009-07-13 23:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009-07-13 23:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009-07-13 23:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009-07-13 23:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009-07-13 23:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009-07-13 23:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2009-07-13 23:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009-07-13 23:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009-07-13 22:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009-06-10 23:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2009-06-10 23:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-04-28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [color=#E56717]========== LOP Check ==========[/color] [2011-06-07 07:11:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\AIMP [2011-05-30 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\BitComet [2011-05-23 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\blueconnect [2011-02-24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\COWON [2010-12-04 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\DAEMON Tools Lite [2011-04-15 06:35:58 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\FOG Downloader [2010-11-20 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Gadu-Gadu 10 [2011-06-09 07:43:47 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\gtk-2.0 [2011-03-26 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\IObit [2011-02-17 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\ipla [2010-11-21 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\MargonemMapki [2011-05-10 22:35:12 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\NetMeter [2010-11-20 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\OpenFM [2011-01-22 22:15:34 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\PhotoFiltre [2010-11-20 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RDRM [2011-06-27 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\RGE [2011-02-27 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Samsung [2010-12-23 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\SoftGrid Client [2010-11-30 19:57:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010-12-11 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Tibia [2010-11-20 14:33:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Toshiba [2010-11-21 00:06:39 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TP [2010-12-17 21:31:57 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TS3Client [2011-03-13 23:46:03 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\TuneUp Software [2010-12-11 00:47:40 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\WinBatch [2011-04-01 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\GregoR\AppData\Roaming\Windows Live Writer [2011-06-21 13:22:52 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011-06-27 15:40:53 | 000,025,851 | ---- | M] () -- C:\ComboFix.txt [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-06-27 20:54:45 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-05-26 14:41:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011-06-27 20:54:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010-09-25 19:35:55 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log [2010-06-25 07:15:15 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys [2010-11-20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\ERDNT\cache\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys [2010-11-20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-10-28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009-10-28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010-11-20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report > [/log] [log]OTL Extras logfile created on: 2011-06-27 21:14:49 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\GregoR\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,72% Memory free 3,99 Gb Paging File | 2,98 Gb Available in Paging File | 74,82% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 5,54 Gb Free Space | 7,44% Space Free | Partition Type: NTFS Drive D: | 74,13 Gb Total Space | 53,83 Gb Free Space | 72,61% Space Free | Partition Type: NTFS Computer Name: GREGOR-TOSHIBA | User Name: GregoR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C6994E1-3AE1-4CDD-A760-1628E6B8CD03}" = Windows Live Family Safety "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.0 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook "{9FE65E62-D027-47F7-B32D-8CAC60026D75}" = ArcaVir "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{a6f85984-f0c1-42f1-95a5-3d8f9bdace2d}" = Nero 9 Essentials "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F41B3F68-C137-477A-9DD5-E231F512D84F}" = ArcaVir Prerequistes "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ad-Remover" = Ad-Remover par C_XX "AIMP2" = AIMP2 "ALLPlayer_is1" = ALLPlayer V4.X "AQQ" = WapSter AQQ "BitComet" = BitComet 1.25 "blueconnect" = blueconnect "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "ENTERPRISE" = Microsoft Office Enterprise 2007 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Gadu-Gadu 10" = Gadu-Gadu 10 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Icy Tower v1.4_is1" = Icy Tower v1.4 "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Hasło administratora "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = Sprzęt instalacyjny TOSHIBA "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board "InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = Program TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "ipla" = ipla 2.2.1 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Mobile Partner" = Mobile Partner "Mozilla Firefox 5.0 (x86 pl)" = Mozilla Firefox 5.0 (x86 pl) "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "Picasa 3" = Picasa 3 "Quake III Arena" = Quake III Arena "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Speccy" = Speccy "StarterBackgroundChanger" = StarterBackgroundChanger "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tibia_is1" = Tibia "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-02 06:05:34 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Błąd w pliku manifestu lub w pliku zasad "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" w wierszu 3. Wartość "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" atrybutu "version" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-02 06:05:49 | Computer Name = GregoR-TOSHIBA | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2011-06-02 11:20:39 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 13 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = VSS | ID = 8193 Description = Error - 2011-06-03 13:53:21 | Computer Name = GregoR-TOSHIBA | Source = System Restore | ID = 8193 Description = Error - 2011-06-05 05:39:08 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-05 05:42:32 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-05 05:42:33 | Computer Name = GregoR-TOSHIBA | Source = RasClient | ID = 20227 Description = Error - 2011-06-06 15:50:41 | Computer Name = GregoR-TOSHIBA | Source = DUMeterSvc | ID = 1 Description = [ OSession Events ] Error - 2011-02-18 02:03:55 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1233 seconds with 720 seconds of active time. This session ended with a crash. Error - 2011-02-18 02:14:25 | Computer Name = GregoR-TOSHIBA | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 567 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 2011-06-27 14:44:21 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%1058 Error - 2011-06-27 14:46:36 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2011-06-27 14:46:38 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2011-06-27 14:54:43 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2011-06-27 14:54:48 | Computer Name = GregoR-TOSHIBA | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2011-06-27 14:54:51 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%1058 Error - 2011-06-27 14:55:21 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2011-06-27 14:55:22 | Computer Name = GregoR-TOSHIBA | Source = Service Control Manager | ID = 7001 Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2011-06-27 14:55:33 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2011-06-27 14:55:36 | Computer Name = GregoR-TOSHIBA | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > [/log] Chciałem również się spytać jak w tym windowsie 7 starter zmienić wygląd paska start, gdyż od dawna mam z nim problem mianowicie jest on taki jak w windowsie 95 czy 98 (szary).Próbowałem przez zmień schemat kolorów lecz niema tam tego prawidłowego z tego windowsa. Są tylko jakieś mocno kontrastowe, czy jest jakiś bezpieczny program który zmieniłby mi wygląd tego paska jak widać nie dam rady zmienić na ten ORYGINALNY WINDOWSOWSKI
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 Została mała poprawka no i kroki końcowe. [hr] [b]1.[/b] Uruchom OTL i w oknie [b]Własne opcje skanowania/Skrypt[/b] wklej następujący tekst: [code]:OTL O3 - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\Toolbar\WebBrowser: (no name) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No CLSID value found. [2011-04-07 22:33:59 | 000,000,000 | ---D | M] (ArcaBit Ext.) -- C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl File not found (No name found) -- () (No name found) -- C:\USERS\GREGOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TB51CPR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI IE - HKU\S-1-5-21-2193016258-3817806477-758741741-1000\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found [/code] Kliknij w [b]Wykonaj Skrypt[/b]. [b]2.[/b] W OTL wciśnij przycisk [b]Sprzątanie[/b]. [b]3.[/b] Uruchom Ad-Remover'a i wciśnij [b]UNINSTALL[/b]. [b]4.[/b] Odinstaluj prawidłowo ComboFix'a: Start>>>Uruchom>>>wklep tam to: [b]"c:\users\GregoR\Downloads\ComboFix.exe" /uninstall[/b] wciśnij ENTER. ComboFix zostanie odinstalowany. [b]5.[/b] Aktualizacja zabezpieczeń: [quote] "KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 24 "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.4 - Polish [/quote] [url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"][b][color="#0000FF"]Java 6 Update 26[/color][/b][/url] / [url="http://get.adobe.com/reader/"][color="#0000FF"][b]Adobe Reader X (10.1)[/b][/color][/url] / [url="http://get.adobe.com/flashplayer/"][color="#0000FF"][b]Adobe Flash Player 10.3.181.26[/b][/color][/url] / możesz zaktualizować Kodeki do wersji [url=http://www.dobreprogramy.pl/KLite-Codec-Pack,Program,Windows,13137.html][b][color=blue][u]7.20[/url][/b][/color][/u] / i Skype do wersji [url=http://www.dobreprogramy.pl/Skype,Program,Windows,13018.html][b][color=blue][u]5.3[/url][/b][/color][/u] [b]6.[/b] Do wyczyszczenia punkty przywracania systemu: [url=http://www.searchengines.pl/Czyszczenie-punktow-przywracania-systemu-t141981.html][b][color="#0000FF"][u]LINK[/url][/b][/color][/u] [b]7.[/b] Zalecam [b]pełne skanowanie[/b] [url=http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][b][color="#0000FF"][u]MBAM[/url][/b][/color][/u] (po instalacji zaaktualizuj ręczne baze wirusów, usuń to co znajdzie i wklej raport końcowy). 1
grzalu123 komentarz 28 czerwca 2011 Autor komentarz 28 czerwca 2011 (edytowane) Wszystkie wskazane kroki zostały wykonane prosze nowe logi: [log]========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86EB8A9-CCC2-4B6C-B75D-73576ED591BF}\ not found. C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\components folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\skin folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\arcabit@www.arcabit.pl folder moved successfully. Registry value HKEY_USERS\S-1-5-21-2193016258-3817806477-758741741-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf}\ not found. OTL by OldTimer - Version 3.2.24.1 log created on 06282011_110639 [/log] [log]Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Wersja bazy: 6966 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 2011-06-28 13:38:40 mbam-log-2011-06-28 (13-38-40).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|Q:\|) Przeskanowano obiektów: 291970 Upłynęło: 2 godzin(y), 6 minut(y), 35 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 0 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: (Nie znaleziono zagrożeń) [/log] Pozostaje chyba teraz tylko kwestia wcześniej pisanego przeze mnie problemu związanego z starym wyglądem pasku start i niemożliwości zmiany na oryginalny wygląd windows 7 (niebieskiego). A mam szaro i buro @edit Czy mogę usunąć już tego antywirusa? bo jest to wersja trial.
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 Jakiego Antyvirusa? O co Ci chodzi? Co do Twojego problemu - to nie jest ten dział, @[b]Moderator[/b] powinnien przenieśc temat do innego działu. 1
grzalu123 komentarz 28 czerwca 2011 Autor komentarz 28 czerwca 2011 Znaczy sie pisząc antywirus miałem na myśli ten programik : MBAM czy mogę go odinstalować ? Aha jeszcze jedno dzięki za pomoc leci + dla ciebie.
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 Po co odinstalowywać? To jest bardzo dobry skaner, warto nim skanować raz w tygodniu!
grzalu123 komentarz 28 czerwca 2011 Autor komentarz 28 czerwca 2011 Ok będę nim skanował kiedy tylko się da. A powiedz mi jak możesz w jakim dziale mogę napisać temat o tym pasku start? Jeszcze raz dzięki za pomoc!!!
wirusolog komentarz 28 czerwca 2011 komentarz 28 czerwca 2011 W dziale [url=http://www.forumpc.pl/index.php?showforum=164][b][color=blue][u]Windows 7[/url][/b][/color][/u].
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.