logs.zip

Jak usunąć infekcję Autorun.inf z pendrive i twardego dysku? Logi do analizy

Pokręciłem.. już wrzucam. ( logi z OTL i 2 mi wygenerowal program RSIT)

Pobierz plik - link do postu

• logs.zip
  • OTL.Txt
  • info.txt
  • log.txt

logs.zip > OTL.Txt

OTL logfile created on: 2011-04-06 09:55:11 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Grzegorz\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 24,14 Gb Free Space | 20,73% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 24,29 Gb Free Space | 23,19% Space Free | Partition Type: NTFS

Computer Name: GRZEGORZ-PC | User Name: Grzegorz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-04-06 09:50:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Grzegorz\Downloads\OTL.exe
PRC - [2011-03-24 20:36:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-24 20:36:43 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-06-26 00:49:48 | 000,453,200 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
PRC - [2010-06-07 09:57:18 | 001,576,072 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
PRC - [2010-06-07 09:57:18 | 000,240,776 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
PRC - [2010-06-03 03:38:22 | 000,183,488 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
PRC - [2010-06-03 03:29:48 | 000,102,453 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
PRC - [2010-06-02 21:23:30 | 000,061,493 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\Step7\S7BIN\s7hspsvx.exe
PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-05-06 12:25:40 | 001,102,848 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe
PRC - [2010-02-05 17:36:40 | 000,207,440 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
PRC - [2009-11-28 21:59:15 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009-10-28 14:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-07-04 22:28:05 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-07-04 22:17:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-04 22:05:51 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-04 22:05:51 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
PRC - [2009-07-04 22:05:50 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
PRC - [2009-04-16 08:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
PRC - [2009-04-15 17:56:31 | 000,271,760 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009-03-23 08:52:13 | 017,149,952 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
PRC - [2009-03-21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009-03-20 03:53:54 | 003,261,688 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
PRC - [2009-03-19 00:54:58 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
PRC - [2009-03-06 13:44:49 | 000,424,352 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009-03-05 06:06:21 | 000,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009-03-05 06:06:19 | 000,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009-03-05 06:06:11 | 000,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009-03-04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009-02-07 01:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
PRC - [2008-12-29 19:21:02 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008-12-10 00:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008-11-27 04:54:00 | 000,211,512 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008-10-01 08:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008-10-01 00:17:32 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2008-08-18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2008-08-18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008-08-14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008-04-01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-21 04:34:55 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2008-01-21 04:34:50 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008-01-21 04:34:48 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008-01-21 04:34:43 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008-01-21 04:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008-01-21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008-01-21 04:34:33 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2008-01-21 04:34:32 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2008-01-21 04:34:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-01-21 04:33:54 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2008-01-21 04:33:47 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2008-01-21 04:33:24 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008-01-21 04:33:22 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008-01-21 04:33:15 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 04:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007-04-02 19:51:56 | 000,083,512 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe
PRC - [2007-02-10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-04-06 09:50:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Grzegorz\Downloads\OTL.exe
MOD - [2009-07-04 22:30:19 | 006,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2009-07-04 22:30:16 | 001,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2009-07-04 22:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2009-07-04 22:28:37 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-07-04 22:28:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-04 22:21:19 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-04 22:18:06 | 011,580,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2009-07-04 22:16:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-07-04 22:05:49 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-04 22:04:00 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-04 21:57:53 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-03-12 16:15:17 | 000,244,224 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll
MOD - [2008-01-21 04:34:50 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2008-01-21 04:34:50 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2008-01-21 04:34:47 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2008-01-21 04:34:46 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008-01-21 04:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:34:35 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:34:34 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008-01-21 04:34:22 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008-01-21 04:34:22 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2008-01-21 04:34:21 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008-01-21 04:34:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008-01-21 04:34:20 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008-01-21 04:34:11 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008-01-21 04:34:07 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008-01-21 04:34:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:34:05 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:34:05 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008-01-21 04:34:03 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008-01-21 04:34:03 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008-01-21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008-01-21 04:33:53 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2008-01-21 04:33:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2008-01-21 04:33:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2008-01-21 04:33:52 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008-01-21 04:33:52 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008-01-21 04:33:48 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008-01-21 04:33:47 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008-01-21 04:33:46 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008-01-21 04:33:20 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008-01-21 04:33:15 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008-01-21 04:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008-01-21 04:33:14 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-21 04:33:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008-01-21 04:32:53 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll


[color=#E56717]========== Win32 Services (All) ==========[/color]

SRV - [2010-06-09 18:39:56 | 000,277,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV - [2010-06-09 18:39:56 | 000,122,152 | ---- | M] (ArcaBit) [Disabled | Stopped] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV - [2010-06-07 09:57:18 | 001,576,072 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)
SRV - [2010-06-07 09:57:18 | 000,240,776 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX)
SRV - [2010-06-02 21:23:30 | 000,061,493 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Siemens\Step7\S7BIN\s7hspsvx.exe -- (s7hspsvx)
SRV - [2010-05-24 14:14:26 | 000,117,328 | ---- | M] (ArcaBit) [Disabled | Stopped] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
SRV - [2010-05-06 12:25:40 | 001,102,848 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe -- (almservice)
SRV - [2010-04-28 19:48:19 | 000,096,848 | ---- | M] (ArcaBit) [Disabled | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2)
SRV - [2010-02-05 17:36:40 | 000,207,440 | ---- | M] (ArcaBit) [On_Demand | Running] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator)
SRV - [2009-11-28 21:59:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-09-11 15:44:36 | 000,248,400 | ---- | M] (ArcaBit) [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe -- (ArcaBit.Core.LoggingService)
SRV - [2009-07-04 22:29:04 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009-07-04 22:28:05 | 000,551,424 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) Zdalne wywoływanie procedur (RPC)
SRV - [2009-07-04 22:28:05 | 000,551,424 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009-07-04 22:09:53 | 000,565,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2009-07-04 22:07:36 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2009-07-04 22:06:17 | 000,269,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009-07-04 22:05:51 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2009-07-04 22:04:47 | 000,156,656 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-04-15 17:56:31 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008-12-08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-21 04:35:17 | 000,658,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc) Protokół PNRP (Peer Name Resolution Protocol)
SRV - [2008-01-21 04:35:17 | 000,658,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg)
SRV - [2008-01-21 04:35:17 | 000,658,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2008-01-21 04:35:17 | 000,658,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc)
SRV - [2008-01-21 04:35:17 | 000,140,288 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2008-01-21 04:35:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-01-21 04:35:12 | 000,864,256 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-01-21 04:35:12 | 000,036,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-01-21 04:35:05 | 000,070,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2008-01-21 04:34:56 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2008-01-21 04:34:55 | 001,695,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2008-01-21 04:34:51 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost) Protokół uwierzytelniania rozszerzonego (EAP)
SRV - [2008-01-21 04:34:50 | 002,623,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2008-01-21 04:34:50 | 000,382,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2008-01-21 04:34:50 | 000,188,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2008-01-21 04:34:49 | 000,758,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2008-01-21 04:34:49 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2008-01-21 04:34:48 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2008-01-21 04:34:45 | 000,302,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2008-01-21 04:34:44 | 000,574,464 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2008-01-21 04:34:44 | 000,122,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2008-01-21 04:34:44 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2008-01-21 04:34:44 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-01-21 04:34:43 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2008-01-21 04:34:43 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008-01-21 04:34:43 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2008-01-21 04:34:43 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2008-01-21 04:34:43 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008-01-21 04:34:42 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2008-01-21 04:34:38 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2008-01-21 04:34:37 | 000,155,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008-01-21 04:34:35 | 000,393,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2008-01-21 04:34:35 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008-01-21 04:34:33 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2008-01-21 04:34:32 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2008-01-21 04:34:32 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2008-01-21 04:34:30 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify)
SRV - [2008-01-21 04:34:24 | 000,745,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) Zdalne zarządzanie systemem Windows (WS-Management)
SRV - [2008-01-21 04:34:21 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2008-01-21 04:34:21 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2008-01-21 04:34:20 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2008-01-21 04:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008-01-21 04:34:19 | 000,134,656 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2008-01-21 04:34:19 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2008-01-21 04:34:19 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2008-01-21 04:34:18 | 000,596,992 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2008-01-21 04:34:18 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2008-01-21 04:34:17 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2008-01-21 04:34:17 | 000,056,320 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2008-01-21 04:34:08 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2008-01-21 04:34:08 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008-01-21 04:34:08 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2008-01-21 04:34:06 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2008-01-21 04:34:04 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008-01-21 04:34:03 | 000,310,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008-01-21 04:34:03 | 000,175,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2008-01-21 04:34:03 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2008-01-21 04:34:02 | 000,282,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2008-01-21 04:34:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2008-01-21 04:34:01 | 000,095,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2008-01-21 04:34:01 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2008-01-21 04:34:01 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2008-01-21 04:34:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008-01-21 04:34:00 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008-01-21 04:33:59 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2008-01-21 04:33:55 | 000,344,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2008-01-21 04:33:55 | 000,105,984 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2008-01-21 04:33:54 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008-01-21 04:33:54 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2008-01-21 04:33:54 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2008-01-21 04:33:54 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2008-01-21 04:33:54 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008-01-21 04:33:53 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008-01-21 04:33:51 | 000,448,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2008-01-21 04:33:50 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008-01-21 04:33:47 | 000,039,424 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2008-01-21 04:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) Udostępnianie połączenia internetowego (ICS)
SRV - [2008-01-21 04:33:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2008-01-21 04:33:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2008-01-21 04:33:40 | 000,259,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2008-01-21 04:33:40 | 000,153,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2008-01-21 04:33:39 | 001,502,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2008-01-21 04:33:37 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008-01-21 04:33:36 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2008-01-21 04:33:27 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2008-01-21 04:33:27 | 000,328,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2008-01-21 04:33:26 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2008-01-21 04:33:24 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2008-01-21 04:33:23 | 000,247,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2008-01-21 04:33:23 | 000,247,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008-01-21 04:33:20 | 001,054,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2008-01-21 04:33:19 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2008-01-21 04:33:18 | 001,013,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2008-01-21 04:33:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008-01-21 04:33:11 | 002,091,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2008-01-21 04:33:08 | 000,412,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2008-01-21 04:33:06 | 000,452,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008-01-21 04:33:06 | 000,196,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2008-01-21 04:33:06 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2008-01-21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-21 04:32:58 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008-01-21 04:32:56 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2008-01-21 04:32:54 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2008-01-21 04:32:53 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2007-11-07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programy\Visual studio_2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007-02-10 15:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007-02-10 15:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007-02-10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006-11-02 14:34:40 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2006-11-02 11:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2006-11-02 11:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2006-11-02 11:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2006-11-02 11:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2006-11-02 11:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006-11-02 11:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2006-11-02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) Lokalizator usługi zdalnego wywołania procedury (RPC)
SRV - [2006-11-02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2006-10-27 04:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-10-14 12:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-10-10 12:58:54 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-10-10 12:58:54 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-10-06 17:38:29 | 000,051,792 | ---- | M] (ArcaBit) [File_System | On_Demand | Stopped] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
DRV - [2010-06-07 09:40:34 | 000,031,744 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7opcsrtx.sys -- (S7opcsrtx) PROFINET IO RT-Protocol (LLDP)
DRV - [2010-03-11 23:30:35 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2010-01-24 15:53:02 | 000,336,128 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO)
DRV - [2009-12-01 19:14:34 | 000,034,384 | ---- | M] (ArcaBit) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\abndis.sys -- (ABndisMP)
DRV - [2009-12-01 19:14:34 | 000,034,384 | ---- | M] (ArcaBit) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\abndis.sys -- (ABndis)
DRV - [2009-09-26 15:52:10 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-07-04 22:44:21 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-03-20 08:21:37 | 000,984,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009-02-24 19:39:58 | 000,073,088 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7snsrtx.sys -- (s7snsrtx)
DRV - [2009-01-14 21:51:50 | 000,230,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008-12-24 10:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008-12-20 09:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-12-16 08:05:37 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008-11-03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008-09-26 19:04:10 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-08-11 04:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008-05-29 18:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008-05-24 02:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008-04-07 08:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008-02-26 15:45:10 | 000,051,208 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006-11-02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2001-11-13 10:47:26 | 000,041,324 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\winio.sys -- (WINIO)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS & bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie & ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie & ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie & ar=iesearch
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: " ProxyEnable " = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: " http://www.google.pl "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: zrzuta.eu@gmail.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-24 20:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-24 20:36:44 | 000,000,000 | ---D | M]

[2010-06-13 22:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grzegorz\AppData\Roaming\mozilla\Extensions
[2010-06-13 22:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grzegorz\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011-04-05 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grzegorz\AppData\Roaming\mozilla\Firefox\Profiles\p3vtyh9s.default\extensions
[2010-08-14 14:06:42 | 000,000,000 | ---D | M] (Zrzuta.eu) -- C:\Users\Grzegorz\AppData\Roaming\mozilla\Firefox\Profiles\p3vtyh9s.default\extensions\zrzuta.eu@gmail.com
[2011-04-05 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-03-24 20:36:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-06-13 22:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-29 10:43:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-01-23 16:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-24 20:36:43 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011-03-24 20:36:43 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010-11-12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-24 20:36:43 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011-03-06 21:33:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-08-09 11:47:51 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011-03-06 21:33:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-03-06 21:33:41 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011-03-06 21:33:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-03-06 21:33:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-03-06 21:33:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-03-06 21:33:42 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-04-05 20:33:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S & D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Grzegorz\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: ( & Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\..\Toolbar\WebBrowser: ( & Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [ABREGMON] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe (ArcaBit)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [S7UB Start] C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa & ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E & xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : & Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ArcaVir & gt; & gt; - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir & gt; & gt; - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3825743256-3478926439-731751588-1000\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.156.98.141 150.254.173.3
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL " sysdm.cpl " ) - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-04-05 19:50:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-04-05 19:50:31 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- " %1 " %*
O35 - HKLM\..exefile [open] -- " %1 " %*
O37 - HKLM\...com [@ = ComFile] -- " %1 " %*
O37 - HKLM\...exe [@ = exefile] -- " %1 " %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-06 09:47:08 | 000,000,000 | R--D | C] -- C:\Users\Grzegorz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD 8
[2011-04-06 00:29:25 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\mb
[2011-04-05 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\DoctorWeb
[2011-04-05 21:19:15 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\AppData\Roaming\Malwarebytes
[2011-04-05 21:19:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-04-05 21:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-05 21:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-05 21:19:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-04-05 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-04-05 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\log_cf
[2011-04-05 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\AppData\Local\temp
[2011-04-05 20:33:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-04-05 20:30:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-04-05 20:17:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-04-05 20:17:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-04-05 20:17:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-04-05 20:17:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-04-05 20:15:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-05 20:15:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011-04-05 19:50:31 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011-04-05 19:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2011-03-31 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\test
[2011-03-30 16:01:39 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\wysisłowo- pokaz
[2011-03-30 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\plc
[2011-03-30 12:56:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\5PUPRPPPPPfmis
[2011-03-30 12:56:56 | 000,000,000 | ---D | C] -- C:\Windows\5PUPRPPPPPfmis
[2011-03-30 12:54:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\5PUPQPPPPPfmis
[2011-03-30 12:54:53 | 000,000,000 | ---D | C] -- C:\Windows\5PUPQPPPPPfmis
[2011-03-28 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\lab3GK
[2011-03-28 13:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS
[2011-03-28 13:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\PITy
[2011-03-25 15:49:24 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\lab_2_93339
[2011-03-25 15:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-pity
[2011-03-25 15:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\e-file
[2011-03-25 15:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\e-file
[2011-03-25 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\Marketing projekt
[2011-03-22 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\4PUPsclpQattis
[2011-03-22 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\4PUPsclpQattis
[2011-03-22 00:34:10 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\Air_semstr_4
[2011-03-21 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\cwiczenie od patrytka
[2011-03-18 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Documents\Max Payne 2 Savegames
[2011-03-18 17:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2011-03-16 19:38:29 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\AppData\Local\Apps
[2011-03-15 20:27:47 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\AppData\Local\SIEMENS_AG
[2011-03-15 12:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adaptive Server Anywhere 9
[2011-03-15 12:08:25 | 000,000,000 | ---D | C] -- C:\AX NF ZZ
[2011-03-15 12:08:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\5PUPTPQWQattis
[2011-03-15 12:08:25 | 000,000,000 | ---D | C] -- C:\Windows\5PUPTPQWQattis
[2011-03-15 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKZIP Server
[2011-03-15 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\PKWARE
[2011-03-15 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PKWARE
[2011-03-15 11:44:31 | 000,000,000 | ---D | C] -- C:\Users\Grzegorz\Desktop\Desktop
[2011-03-15 11:38:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Siemens
[2011-03-15 11:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens Automation
[2011-03-15 11:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Siemens
[2011-03-15 11:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Siemens
[2011-03-15 11:28:36 | 000,000,000 | ---D | C] -- C:\Windows\TempRASETUP
[2011-03-15 11:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Siemens
[2011-03-09 17:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki
[2011-03-09 17:20:51 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2011-03-09 17:20:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\embedded
[2008-11-03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-06 09:57:10 | 007,602,176 | ---- | M] () -- C:\Users\Grzegorz\ntuser.dat
[2011-04-06 09:51:49 | 001,609,082 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-04-06 09:51:49 | 000,712,112 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-06 09:51:49 | 000,636,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-06 09:51:49 | 000,145,806 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-06 09:51:49 | 000,119,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-06 09:46:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-06 09:46:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-06 09:46:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-04-06 09:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-06 01:03:04 | 000,524,288 | -HS- | M] () -- C:\Users\Grzegorz\ntuser.dat{ee3b37d6-0d7c-11df-87be-0026185fadc9}.TMContainer00000000000000000001.regtrans-ms
[2011-04-06 01:03:04 | 000,065,536 | -HS- | M] () -- C:\Users\Grzegorz\ntuser.dat{ee3b37d6-0d7c-11df-87be-0026185fadc9}.TM.blf
[2011-04-06 01:03:00 | 004,070,797 | -H-- | M] () -- C:\Users\Grzegorz\AppData\Local\IconCache.db
[2011-04-06 00:30:47 | 000,000,715 | ---- | M] () -- C:\Users\Grzegorz\Desktop\mb.zip
[2011-04-06 00:24:39 | 000,103,519 | ---- | M] () -- C:\Users\Grzegorz\Desktop\scan.jpg
[2011-04-05 21:19:09 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-05 20:52:13 | 000,006,115 | ---- | M] () -- C:\Users\Grzegorz\Desktop\log_cf.zip
[2011-04-05 20:33:32 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011-04-05 20:33:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-04-05 20:33:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011-04-04 21:46:08 | 000,089,600 | ---- | M] () -- C:\Users\Grzegorz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-31 17:26:57 | 000,260,675 | ---- | M] () -- C:\Users\Grzegorz\Desktop\test.rar
[2011-03-30 16:07:56 | 042,720,660 | ---- | M] () -- C:\Users\Grzegorz\Desktop\wysisłowo- pokaz.zip
[2011-03-28 13:54:21 | 000,005,985 | ---- | M] () -- C:\Users\Grzegorz\Desktop\grzegorz_hądzlik_2010_pit-37.xml
[2011-03-28 13:29:39 | 000,000,000 | ---- | M] () -- C:\Users\Grzegorz\Desktop\PITY2010NG.index
[2011-03-28 13:28:37 | 000,001,774 | ---- | M] () -- C:\Users\Grzegorz\Desktop\PITy 2010.lnk
[2011-03-27 16:32:48 | 004,287,891 | ---- | M] () -- C:\Users\Grzegorz\Desktop\CPU31xC_TF_en-US.pdf
[2011-03-26 14:32:11 | 748,201,764 | ---- | M] () -- C:\Users\Grzegorz\Desktop\Step7.Pro.v5.5.zip
[2011-03-25 15:18:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\e-pity2010.lnk
[2011-03-22 14:50:04 | 074,989,568 | ---- | M] () -- C:\Users\Grzegorz\Documents\Slumdog.Millionaire.2008.DVDSCR.XviD-DEViSE.avi
[2011-03-22 01:44:30 | 006,686,091 | ---- | M] () -- C:\Users\Grzegorz\Documents\Bez_nazwy (3).wma
[2011-03-17 00:58:57 | 000,260,329 | ---- | M] () -- C:\Users\Grzegorz\Documents\simatic s7.jpg
[2011-03-16 20:12:10 | 000,126,954 | ---- | M] () -- C:\Users\Grzegorz\Documents\włącznik_plc(jeden_guzik).JPG
[2011-03-15 11:36:34 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\SIMATIC Manager.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-06 00:30:47 | 000,000,715 | ---- | C] () -- C:\Users\Grzegorz\Desktop\mb.zip
[2011-04-06 00:24:38 | 000,103,519 | ---- | C] () -- C:\Users\Grzegorz\Desktop\scan.jpg
[2011-04-05 21:19:09 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-05 20:52:13 | 000,006,115 | ---- | C] () -- C:\Users\Grzegorz\Desktop\log_cf.zip
[2011-04-05 20:17:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011-04-05 20:17:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-04-05 20:17:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011-04-05 20:17:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-04-05 20:17:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-03-31 17:26:56 | 000,260,675 | ---- | C] () -- C:\Users\Grzegorz\Desktop\test.rar
[2011-03-30 16:07:51 | 042,720,660 | ---- | C] () -- C:\Users\Grzegorz\Desktop\wysisłowo- pokaz.zip
[2011-03-28 13:29:24 | 000,000,000 | ---- | C] () -- C:\Users\Grzegorz\Desktop\PITY2010NG.index
[2011-03-28 13:28:37 | 000,001,774 | ---- | C] () -- C:\Users\Grzegorz\Desktop\PITy 2010.lnk
[2011-03-27 16:32:29 | 004,287,891 | ---- | C] () -- C:\Users\Grzegorz\Desktop\CPU31xC_TF_en-US.pdf
[2011-03-26 14:29:35 | 748,201,764 | ---- | C] () -- C:\Users\Grzegorz\Desktop\Step7.Pro.v5.5.zip
[2011-03-25 15:18:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\e-pity2010.lnk
[2011-03-22 01:44:29 | 006,686,091 | ---- | C] () -- C:\Users\Grzegorz\Documents\Bez_nazwy (3).wma
[2011-03-17 00:58:39 | 000,260,329 | ---- | C] () -- C:\Users\Grzegorz\Documents\simatic s7.jpg
[2011-03-16 20:11:52 | 000,126,954 | ---- | C] () -- C:\Users\Grzegorz\Documents\włącznik_plc(jeden_guzik).JPG
[2011-03-15 11:36:34 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\SIMATIC Manager.lnk
[2011-03-14 16:24:59 | 000,041,324 | -H-- | C] () -- C:\Windows\System32\winio.sys
[2011-03-08 20:54:04 | 000,237,568 | ---- | C] () -- C:\Windows\System32\glut32.dll
[2011-02-20 16:10:28 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2011-02-20 16:10:26 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2010-10-27 09:53:32 | 000,006,290 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2010-10-27 09:53:29 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2010-10-27 09:53:29 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2010-10-27 09:53:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2010-10-27 09:53:29 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2010-10-27 09:53:29 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2010-10-27 09:53:29 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2010-10-27 09:53:29 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2010-10-27 09:53:29 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2010-10-27 09:53:29 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2010-10-27 09:53:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2010-10-27 09:53:29 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2010-10-27 09:53:29 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2010-10-27 09:53:29 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2010-10-27 09:53:29 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2010-10-27 09:53:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2010-10-27 09:53:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010-10-10 12:58:54 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-10-10 12:58:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-07-13 16:27:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010-07-09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010-06-13 22:08:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-05-19 20:33:38 | 000,626,636 | ---- | C] () -- C:\Windows\System32\drivers\fw_5711.bin
[2010-03-25 12:58:55 | 000,000,000 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\TempOu4280.html
[2010-03-25 12:58:55 | 000,000,000 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\TempAN4280.html
[2010-03-25 12:57:23 | 000,002,432 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\TempNn3392.html
[2010-03-25 12:48:34 | 000,000,000 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\TempyK5068.html
[2010-03-25 12:48:34 | 000,000,000 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\TempRk5068.html
[2010-03-09 01:35:44 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010-03-08 21:17:34 | 000,417,792 | ---- | C] () -- C:\Windows\System32\sn_regbase.dll
[2010-03-01 15:35:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010-03-01 15:35:10 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010-01-19 19:09:04 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2010-01-19 19:09:04 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2010-01-19 19:09:04 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2010-01-19 19:09:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2010-01-19 19:09:03 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2010-01-19 19:09:00 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2009-11-28 21:59:29 | 000,137,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009-11-28 21:59:21 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009-11-28 21:59:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009-11-19 15:27:34 | 000,018,432 | ---- | C] () -- C:\Windows\System32\ep5711k.dll
[2009-11-19 15:27:26 | 000,021,504 | ---- | C] () -- C:\Windows\System32\ep5711j.dll
[2009-09-28 20:40:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-09-26 16:08:53 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2009-09-26 15:52:10 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-09-24 21:36:24 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009-09-22 14:01:01 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-09-22 14:01:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-09-22 14:00:59 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-09-22 14:00:59 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-09-22 14:00:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-09-22 14:00:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-09-22 14:00:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-09-16 14:01:14 | 000,089,600 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-16 12:25:26 | 000,017,089 | ---- | C] () -- C:\Users\Grzegorz\AppData\Roaming\UserTile.png
[2009-09-15 16:04:41 | 004,070,797 | -H-- | C] () -- C:\Users\Grzegorz\AppData\Local\IconCache.db
[2009-09-15 15:19:55 | 000,125,984 | ---- | C] () -- C:\Users\Grzegorz\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-07-04 22:53:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009-07-04 22:47:48 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009-07-04 22:46:49 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009-07-04 22:44:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009-07-04 22:42:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009-07-04 22:05:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-07-04 22:05:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009-02-26 05:38:39 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009-02-26 05:38:39 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009-02-26 05:38:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009-02-26 05:38:39 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2008-12-23 22:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008-12-15 11:11:14 | 000,979,785 | ---- | C] () -- C:\Windows\System32\drivers\fpga5711.bin
[2008-08-11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008-05-22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008-05-12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008-04-17 22:06:52 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008-04-17 11:47:58 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2008-04-17 11:47:57 | 000,712,112 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2008-04-17 11:47:57 | 000,145,806 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2008-04-17 11:47:57 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2008-04-07 08:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2008-01-21 04:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008-01-21 04:34:17 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:44:53 | 000,451,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 12:33:01 | 001,609,082 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006-11-02 12:33:01 | 000,636,790 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,119,736 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006-11-02 12:23:31 | 000,000,264 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 12:23:31 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006-11-02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006-11-02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006-11-02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006-11-02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006-11-02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006-11-02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2005-06-10 09:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll
[2002-10-06 19:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002-10-05 00:04:26 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002-10-05 00:04:26 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002-10-05 00:04:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[1999-07-16 15:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes - & gt; C:\Users\Grzegorz\Documents\Slumdog.Millionaire.2008.DVDSCR.XviD-DEViSE.avi:TOC.WMV
@Alternate Data Stream - 132 bytes - & gt; C:\ProgramData\Temp:E965A533
@Alternate Data Stream - 105 bytes - & gt; C:\ProgramData\Temp:D74B6CF5

& lt; End of report & gt;

logs.zip > info.txt

info.txt logfile of random's system information tool 1.08 2011-04-06 09:58:22

======Uninstall list======

µTorrent-- & gt; " D:\uTorrent\uTorrent.exe " /UNINSTALL
2007 Microsoft Office system-- & gt; " C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe " /uninstall PROHYBRIDR /dll OSETUP.DLL
Ace Utilities-- & gt; " C:\Program Files\Ace Utilities\uninstall.exe "
Activation Assistant for the 2007 Microsoft Office suites-- & gt; " C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe " REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-- & gt; C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-- & gt; C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Reader 9.0.1 - Polish-- & gt; MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A90100000001}
Advanced Registry Doctor Pro Compatibility Patch-- & gt; %windir%\system32\sdbinst.exe -u " C:\Windows\AppPatch\Custom\{ffd18d1a-0876-437d-a8eb-b910f353f17d}.sdb "
Advanced Registry Doctor-- & gt; C:\Program Files\Advanced Registry Doctor\Odinstaluj Advanced Registry Doctor.exe
All Video Converter 4.3.5-- & gt; " D:\Programy\All Video Converter\unins000.exe "
AllerCalc-- & gt; D:\Programy\AllerCalc\Uninstall.exe
AmIcoSingLun-- & gt; C:\Program Files\InstallShield Installation Information\{BF91B300-EEBC-4223-96F3-0FCBF7241B50}\setup.exe -runfromtemp -l0x0409
ArcaVir-- & gt; MsiExec.exe /I{A6448DEA-02A3-4BDE-A2C3-9C431ABCF2D2}
Archiwizator WinRAR-- & gt; D:\Programy\Winrar\uninstall.exe
ASUS AI Recovery-- & gt; MsiExec.exe /I{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}
ASUS CopyProtect-- & gt; MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS Data Security Manager-- & gt; MsiExec.exe /X{FA2092C5-7979-412D-A962-6485274AE1EE}
ASUS LifeFrame3-- & gt; MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS MultiFrame-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe " -l0x9
ASUS Power4Gear Hybrid-- & gt; MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-- & gt; MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-- & gt; MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-- & gt; MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-- & gt; " C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe "
ASUSTek ASUSDVD 8-- & gt; " C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe " /z-uninstall
ASUSTek ASUSDVD 8-- & gt; " C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe " /z-uninstall
Asystent rejestracji us³ugi Windows Live-- & gt; MsiExec.exe /I{12D899B3-E5BC-40DC-B3A9-5303AAF88620}
Atheros Client Installation Program-- & gt; C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-- & gt; " C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe " -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-- & gt; C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-- & gt; MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-- & gt; MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-- & gt; MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
Bezpieczeñstwo rodzinne us³ugi Windows Live-- & gt; MsiExec.exe /X{3856DA80-86D2-4EBF-B33E-9F2C54BC9AC4}
Black and White-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\Setup.exe "
Call of Duty(R) 2-- & gt; C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CCleaner-- & gt; " D:\Programy\CCleaner\uninst.exe "
Choice Guard-- & gt; MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-- & gt; MsiExec.exe /I{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}
Cisco LEAP Module-- & gt; MsiExec.exe /I{934B3B19-8193-467A-B356-E73F82647D38}
Cisco PEAP Module-- & gt; MsiExec.exe /I{BAD1449B-DF0C-4118-B76D-68C54009576C}
Corel Applications-- & gt; C:\Windows\Corel\Uninst32.exe
Crystal Reports Basic for Visual Studio 2008-- & gt; MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
CyberLink LabelPrint-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe " -uninstall
CyberLink Power2Go-- & gt; " C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe " /z-uninstall
CyberLink Power2Go-- & gt; " C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe " /z-uninstall
Dassault Systemes Software B19-- & gt; " D:\Programy\CATIA\intel_a\code\bin\Uninstall.exe " " D:\Programy\CATIA " " CODE " " GUI " " B19 " " 0 "
Dassault Systemes Software Prerequisites x86-- & gt; MsiExec.exe /X{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}
Dev-C++ 5 beta 9 release (4.9.9.2)-- & gt; " D:\Programy\Dev-Cpp\uninstall.exe "
doxygen 1.6.2-- & gt; " D:\Programy\doxygen\system\unins000.exe "
EA Download Manager-- & gt; C:\Program Files\Electronic Arts\EADM\Uninstall.exe
e-pity 2010-- & gt; " C:\Program Files\e-file\e-pity2010\unins000.exe "
ETDWare PS/2-x86 7.0.5.1 WHQL-- & gt; C:\Program Files\Elantech\ETDUninst.exe
FM Screen Capture Codec (Remove Only)-- & gt; rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\fmcodec.inf
FTP Commander-- & gt; D:\Programy\FTP Commander\uninstall.exe
Galeria fotografii us³ugi Windows Live-- & gt; MsiExec.exe /X{40CC0CC6-C1BA-476D-98CF-5430DA439B4F}
Google Toolbar for Internet Explorer-- & gt; " C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_D370CDE96771667E.exe " /uninstall
Google Toolbar for Internet Explorer-- & gt; MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Grand Theft Auto Vice City-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe " -l0x9
Intel(R) Graphics Media Accelerator Driver-- & gt; C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-- & gt; C:\Windows\system32\TVWizudlg.exe -uninstall
Java(TM) 6 Update 23-- & gt; MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Junk Mail filter update-- & gt; MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
K-Lite Mega Codec Pack 5.1.0-- & gt; " C:\Program Files\K-Lite Codec Pack\unins000.exe "
League of Legends-- & gt; " C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe " -runfromtemp -l0x0409 -removeonly
LightScribe System Software 1.14.17.1-- & gt; MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Mafia-- & gt; " D:\Gry\Mafia\unins000.exe "
Malwarebytes' Anti-Malware-- & gt; " C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
MATLAB R2007b-- & gt; D:\Programy\Matlab2\uninstall\uninstall.exe D:\Programy\Matlab2\
Max Payne 2-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe " -l0x9
Max Payne-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe " uninstall uninstall
Microsoft .NET Framework 3.5-- & gt; C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-- & gt; MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Device Emulator version 3.0 - ENU-- & gt; MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008-- & gt; C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-- & gt; MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Access MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-- & gt; MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-- & gt; MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-- & gt; MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-- & gt; MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-- & gt; MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-- & gt; MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-- & gt; MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-- & gt; MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-- & gt; MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-- & gt; MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-- & gt; MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Silverlight-- & gt; MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-- & gt; MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-- & gt; MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-- & gt; MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-- & gt; " c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe " /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-- & gt; MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-- & gt; MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-- & gt; MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-- & gt; MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-- & gt; MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-- & gt; MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-- & gt; MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-- & gt; MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-- & gt; MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-- & gt; MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Office Runtime-- & gt; MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-- & gt; D:\Programy\Visual studio_2008\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-- & gt; " C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe " /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-- & gt; MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-- & gt; MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-- & gt; MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools-- & gt; MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-- & gt; MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Microsoft WSE 3.0 Runtime-- & gt; MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mitsubishi SW0D5-ALVLS-E-- & gt; C:\Windows\uninst.exe -fd:\programy\alpha\DeIsL1.isu
Mozilla Firefox (3.6.16)-- & gt; C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2008 - ENU-- & gt; C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU-- & gt; MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSVCRT-- & gt; MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Multimedia Card Reader-- & gt; C:\Program Files\InstallShield Installation Information\{DA41F9E9-B878-467F-95E7-27E4D1943533}\SETUP.EXE -runfromtemp -l0x0409
NapiProjekt 1.0.6.7-- & gt; " D:\Programy\NAPI-PROJEKT\unins000.exe "
Narzêdzia programu Visual Studio 2005 Second Edition do obs³ugi pakietu Office-- & gt; c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Narzêdzie do przekazywania us³ugi Windows Live-- & gt; MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Need For Speed Underground-- & gt; D:\NFS\EAUninstall.exe
Nowe Gadu-Gadu-- & gt; C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
OpenOffice.org 3.2-- & gt; MsiExec.exe /I{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}
Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-- & gt; C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Pando Media Booster-- & gt; C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-- & gt; MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Picasa 3-- & gt; " C:\Program Files\Google\Picasa3\Uninstall.exe "
PIT-OPP 2010-- & gt; " C:\Infonetax\PIT-OPP 2010\unins000.exe "
PITy 2010 dla Windows kompilacja:1.2.7.1-- & gt; " C:\Program Files\PITy\PITy2010NG\unins000.exe "
PKZIP Server for Windows 12.40.0008-- & gt; MsiExec.exe /I{134A51EB-1BBB-4249-BAF5-494C3D186A06}
PLAY ONLINE-- & gt; C:\Program Files\PLAY ONLINE\uninst.exe
Poczta us³ugi Windows Live-- & gt; MsiExec.exe /I{DB4690C5-9015-401D-A96C-A49909B7C372}
Podstawowe programy Windows Live-- & gt; C:\Program Files\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-- & gt; MsiExec.exe /I{0B63BF75-9F0A-4E93-A69D-BDCC6A26C4B1}
Pro Evolution Soccer 2010-- & gt; MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
PSpice Student 9.1-- & gt; C:\Windows\IsUninst.exe -fd:\programy\Spice\DeIsL1.isu
Registry Defragmentation Compatibility Patch-- & gt; %windir%\system32\sdbinst.exe -u " C:\Windows\AppPatch\Custom\{b2d30b83-97be-49a7-b0db-ee2bf3eab5b2}.sdb "
SAMSUNG Mobile Composite Device Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-- & gt; C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-- & gt; " C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe " -runfromtemp -l0x0415 -removeonly
Samsung New PC Studio USB Driver Installer-- & gt; MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-- & gt; MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-- & gt; C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-- & gt; MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Siemens Automation License Manager V5.0 + SP1 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {E85D273D-7191-4232-99C8-FA1703A384D1}
Siemens Automation License Manager-- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {E85D273D-7191-4232-99C8-FA1703A384D1}
SIMATIC STEP 7 V5.5 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {B3372270-9C79-42D7-BF46-00755A0C1A87}
SIMATIC STEP 7-- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {B3372270-9C79-42D7-BF46-00755A0C1A87}
SIMATIC S7-GRAPH V5.3 + SP6 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}
SIMATIC S7-GRAPH V5.3 + SP6 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}
SIMATIC S7-PCT V2.1 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {C111BA56-9ACF-42FD-92D6-ED75618AB22E}
SIMATIC S7-PCT-- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {C111BA56-9ACF-42FD-92D6-ED75618AB22E}
SIMATIC S7-PLCSIM V5.4 + SP4 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {66F62657-25A2-4839-BFC2-4400861D810E}
SIMATIC S7-PLCSIM-- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {66F62657-25A2-4839-BFC2-4400861D810E}
SIMATIC S7-SCL V5.3 + SP5 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {96F139DE-C33E-4FCC-A72B-684BF899F679}
SIMATIC S7-SCL V5.3 + SP5 Professional 2010 -- & gt; C:\Program Files\Common Files\Siemens\Bin\setupdeinstaller.exe /x {96F139DE-C33E-4FCC-A72B-684BF899F679}
Skaner on-line mks_vir-- & gt; C:\Windows\system32\SkanerOnlineUninstall.exe
Skype™ 4.1-- & gt; MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-- & gt; " C:\Program Files\Spybot - Search & Destroy\unins000.exe "
SRS Premium Sound-- & gt; MsiExec.exe /X{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}
Star Wars Jedi Knight Jedi Academy-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{0D994CC5-819F-4657-84DD-397B8FE1EA80}\Setup.exe " -l0x9
Star Wars JK II Jedi Outcast-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe "
SubEdit - Vista WMP Patch-- & gt; " C:\Program Files\SubEdit-Player\WMP6_4\unins000.exe "
SubEdit-Player-- & gt; " C:\Program Files\SubEdit-Player\unins000.exe "
The Sims™ 3-- & gt; " C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe " -runfromtemp -l0x0015 -removeonly
Tibia-- & gt; " D:\Tibia\unins000.exe "
USB 2.0 1.3M UVC WebCam-- & gt; C:\Windows\Uninstsxga.bat
VC Runtimes MSI-- & gt; MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VIA Platform Device Manager-- & gt; C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-- & gt; MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-- & gt; C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT= " "
Visual Studio Tools for the Office system 3.0 Runtime-- & gt; C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-- & gt; MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Windows Live Communications Platform-- & gt; MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-- & gt; MsiExec.exe /X{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}
Windows Live Movie Maker Beta-- & gt; MsiExec.exe /X{C08F4C18-EBC5-47F4-A760-A2DF3C39CA20}
Windows Live Sync-- & gt; MsiExec.exe /X{C3335EFB-008F-44DB-A87A-9EC8EE53D045}
Windows Live Writer-- & gt; MsiExec.exe /X{DD49053A-0140-44EF-AE75-C4BC1FDB8286}
Windows Media Player Firefox Plugin-- & gt; MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile 5.0 SDK R2 for Pocket PC-- & gt; MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-- & gt; MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinFlash-- & gt; RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup " C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe " -l0x9
Wireless Console 3-- & gt; MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
Xfire (remove only)-- & gt; " D:\Programy\Xfire\uninst.exe "

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Grzegorz-PC
Event Code: 7036
Message: Us³uga Us³ugi podstawowe modu³u TPM wesz³a w stan zatrzymania.
Record Number: 163235
Source Name: Service Control Manager
Time Written: 20110406074846.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 7036
Message: Us³uga Centrum zabezpieczeñ wesz³a w stan uruchomienia.
Record Number: 163236
Source Name: Service Control Manager
Time Written: 20110406074847.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 537
Message: W tym komputerze nie odnaleziono zgodnego urz¹dzenia zabezpieczeñ modu³u TPM. Nie mo¿na uruchomiæ us³ugi TBS.
Record Number: 163237
Source Name: Microsoft-Windows-TBS
Time Written: 20110406074846.877533-000
Event Type: Informacje
User: ZARZ¥DZANIE NT\US£UGA LOKALNA

Computer Name: Grzegorz-PC
Event Code: 7036
Message: Us³uga Windows Update wesz³a w stan uruchomienia.
Record Number: 163238
Source Name: Service Control Manager
Time Written: 20110406074849.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 7036
Message: Us³uga Instalator modu³ów systemu Windows wesz³a w stan zatrzymania.
Record Number: 163239
Source Name: Service Control Manager
Time Written: 20110406075652.000000-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: Grzegorz-PC
Event Code: 1
Message: Klient us³ug certyfikatów zosta³ uruchomiony pomyœlnie.
Record Number: 58407
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20110406074751.441533-000
Event Type: Informacje
User: ZARZ¥DZANIE NT\SYSTEM

Computer Name: Grzegorz-PC
Event Code: 1
Message: Us³uga Centrum zabezpieczeñ systemu Windows zosta³a uruchomiona.
Record Number: 58408
Source Name: SecurityCenter
Time Written: 20110406074848.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 1001
Message: Liczniki wydajnoœci dla us³ugi WmiApRpl (WmiApRpl) zosta³y pomyœlnie usuniête. Dane rekordu zawieraj¹ nowe wartoœci wpisów Last Counter (ostatni licznik) i Last Help (ostatnia Pomoc) do Rejestru systemowego.
Record Number: 58409
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110406075149.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 1000
Message: Liczniki wydajnoœci dla us³ugi WmiApRpl (WmiApRpl) zosta³y pomyœlnie za³adowane. Dane rekordu w sekcji danych zawieraj¹ nowe wartoœci indeksu przypisane do tej us³ugi.
Record Number: 58410
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20110406075149.000000-000
Event Type: Informacje
User:

Computer Name: Grzegorz-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 58411
Source Name: LightScribeService
Time Written: 20110406075821.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: Grzegorz-PC
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZ¥DZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 47141
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101122115900.321352-000
Event Type: Sukces inspekcji
User:

Computer Name: Grzegorz-PC
Event Code: 4648
Message: Podjêto próbê logowania przy u¿yciu jawnych poœwiadczeñ.

Podmiot:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: GRZEGORZ-PC$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Konto, którego poœwiadczenia zosta³y u¿yte:
Nazwa konta: SYSTEM
Domena konta: ZARZ¥DZANIE NT
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Serwer docelowy:
Nazwa serwera docelowego: localhost
Informacje dodatkowe: localhost

Informacje o procesie:
Identyfikator procesu: 0x2a4
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Adres sieciowy: -
Port: -

To zdarzenie jest generowane, gdy proces podejmie próbê zalogowania siê na koncie, okreœlaj¹c w sposób jawny poœwiadczenia konta. To zdarzenie najczêœciej wystêpuje w konfiguracjach wsadowych, takich jak zaplanowane zadania, lub podczas u¿ywania polecenia RUNAS.
Record Number: 47142
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101122115900.555354-000
Event Type: Sukces inspekcji
User:

Computer Name: Grzegorz-PC
Event Code: 4624
Message: U¿ytkownik pomyœlnie zalogowa³ siê na koncie.

Podmiot:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: GRZEGORZ-PC$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZ¥DZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x2a4
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres Ÿród³owy sieci: -
Port Ÿród³owy: -

Szczegó³owe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Us³ugi przejœciowe: -
Nazwa pakietu (tylko NTLM): -
D³ugoœæ klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego zosta³ uzyskany dostêp.

Pola podmiotu wskazuj¹ konto w systemie lokalnym, które za¿¹da³o logowania. Najczêœciej jest to us³uga, na przyk³ad us³uga Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistnia³ego logowania. Najczêstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazuj¹ konto, dla którego zosta³o utworzone nowe logowanie, czyli konto, które zosta³o zalogowane.

Pola sieci wskazuj¹ lokalizacjê, z której pochodzi³o zdalne ¿¹danie logowania. Nazwa stacji roboczej nie zawsze jest dostêpna i w niektórych przypadkach mo¿e byæ pusta.

Pola informacji o uwierzytelnianiu zawieraj¹ szczegó³owe informacje o tym konkretnym ¿¹daniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomoc¹ którego mo¿na skorelowaæ to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Us³ugi przejœciowe wskazuj¹, które us³ugi poœrednie uczestniczy³y w tym ¿¹daniu logowania.
- Nazwa pakietu wskazuje, który protokó³ podrzêdny spoœród protoko³ów NTLM zosta³ u¿yty.
- D³ugoœæ klucza wskazuje d³ugoœæ wygenerowanego klucza sesji. Jeœli nie za¿¹dano klucza sesji, jest to wartoœæ 0.
Record Number: 47143
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101122115900.555354-000
Event Type: Sukces inspekcji
User:

Computer Name: Grzegorz-PC
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZ¥DZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 47144
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101122115900.555354-000
Event Type: Sukces inspekcji
User:

Computer Name: Grzegorz-PC
Event Code: 5056
Message: Wykonano autotest funkcji kryptograficznej.

Podmiot:
Identyfikator zabezpieczeñ: S-1-5-18
Nazwa konta: GRZEGORZ-PC$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Modu³: ncrypt.dll

Kod powrotny: 0x0
Record Number: 47145
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101122115902.309760-000
Event Type: Sukces inspekcji
User:

======Environment variables======

" ComSpec " =%SystemRoot%\system32\cmd.exe
" FP_NO_HOST_CHECK " =NO
" OS " =Windows_NT
" Path " =%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Siemens\Sqlany;C:\Program Files\Siemens\Step7\S7bin;C:\Program Files\PC Connectivity Solution;D:\Programy\ARCVIR\Common;C:\Program Files\ArcaBit\Common;c:\Program Files\Microsoft SQL Server\90\Tools\binn;D:\Programy\Matlab2\bin;D:\Programy\Matlab2\bin\win32;D:\Programy\doxygen\bin;C:\Program Files\PKWARE\pkzipc
" PATHEXT " =.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
" PROCESSOR_ARCHITECTURE " =x86
" TEMP " =%SystemRoot%\TEMP
" TMP " =%SystemRoot%\TEMP
" USERNAME " =SYSTEM
" windir " =%SystemRoot%
" PROCESSOR_LEVEL " =6
" PROCESSOR_IDENTIFIER " =x86 Family 6 Model 23 Stepping 10, GenuineIntel
" PROCESSOR_REVISION " =170a
" NUMBER_OF_PROCESSORS " =2
" TRACE_FORMAT_SEARCH_PATH " =\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
" DFSTRACINGON " =FALSE
" configsetroot " =%SystemRoot%\ConfigSetRoot
" VS90COMNTOOLS " =D:\Programy\Visual studio_2008\Common7\Tools\
" AutInstLog " =C:\ProgramData\Siemens\Automation\Logfiles\Setup\
" SQLANY " =C:\Program Files\Common Files\Siemens\Sqlany
" S7TMP " =C:\Program Files\Siemens\Step7\S7Tmp

-----------------EOF-----------------

logs.zip > log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Grzegorz at 2011-04-06 09:58:06
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 25 GB (21%) free of 119 GB
Total RAM: 3036 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:58:19, on 2011-04-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Grzegorz\Downloads\OTL.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Grzegorz\Downloads\RSIT.exe
C:\Program Files\trend micro\Grzegorz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocnik rejestracji us³ugi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Grzegorz\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: & Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RemoteControl8] " C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe "
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] " C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe "
O4 - HKLM\..\Run: [CLMLServer] " C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe "
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] " C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [P2Go_Menu] " C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe " " C:\Program Files\CyberLink\Power2Go " UpdateWithCreateOnce " SOFTWARE\CyberLink\Power2Go\6.0 "
O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] " C:\Program Files\Common Files\Java\Java Update\jusched.exe "
O4 - HKLM\..\Run: [S7UB Start] " C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe " -StartDB
O4 - HKCU\..\Run: [SRS Premium Sound] " C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe " /hideme
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa & ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E & xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: & Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ArcaVir & gt; & gt; - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra 'Tools' menuitem: ArcaVir & gt; & gt; - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: S7 HSP Service (s7hspsvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\s7bin\s7hspsvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9023 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S & D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocnik rejestracji us³ugi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-04 255600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll [2009-07-04 651248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Users\Grzegorz\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-10-28 42088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - & Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-04 255600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
" RemoteControl8 " =C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [2009-04-16 91432]
" PDVD8LanguageShortcut " =C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [2009-04-16 50472]
" CLMLServer " =C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [2008-07-19 104936]
" HotKeysCmds " =C:\Windows\system32\hkcmd.exe [2009-03-05 173592]
" Persistence " =C:\Windows\system32\igfxpers.exe [2009-03-05 150552]
" HDAudDeck " =C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-03-23 17149952]
" AmIcoSinglun " =C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-10-01 237568]
" HControlUser " =C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304]
" ATKOSD2 " =C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-03-04 8392704]
" ATKMEDIA " =C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-12-29 159744]
" ADSMTray " =C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240]
" ACMON " =C:\Program Files\ASUS\Splendid\ACMON.exe [2008-10-01 851968]
" Wireless Console 3 " =C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2009-02-07 1593344]
" ETDWare " =C:\Program Files\Elantech\ETDCtrl.exe [2009-03-06 424352]
" Adobe Reader Speed Launcher " =C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-03 35184]
" P2Go_Menu " =C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]
" AvMenu " =C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe [2010-06-26 453200]
" ABREGMON " =C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe [2010-01-28 420432]
" SunJavaUpdateSched " =C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
" S7UB Start " =C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [2010-06-03 102453]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
" SRS Premium Sound " =C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [2009-03-20 3261688]
" WMPNSCFG " =C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABRegmon]
C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe [2010-01-28 420432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\AsScrProlog.exe [2009-07-04 47672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2009-07-04 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Programy\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2009-03-05 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\INSTAL~1\{567C6~1\_71A97~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
" {AEB6717E-7E19-11d0-97EE-00C04FD91972} " = []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
" notification packages " =scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
" EnableLUA " =0
" dontdisplaylastusername " =0
" legalnoticecaption " =
" legalnoticetext " =
" shutdownwithoutlogon " =1
" undockwithoutlogon " =1
" EnableUIADesktopToggle " =0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
" NoDriveAutoRun " =0xFFFFFFFF
" NoDriveTypeAutoRun " =36
" NoDrives " =0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
" NoDrives " =0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-04-06 09:58:07 ----D---- C:\Program Files\trend micro
2011-04-06 09:58:06 ----D---- C:\rsit
2011-04-05 21:19:15 ----D---- C:\Users\Grzegorz\AppData\Roaming\Malwarebytes
2011-04-05 21:19:09 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-04-05 21:19:08 ----D---- C:\ProgramData\Malwarebytes
2011-04-05 21:19:05 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-05 21:19:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-05 20:37:59 ----A---- C:\ComboFix.txt
2011-04-05 20:33:27 ----SHD---- C:\$RECYCLE.BIN
2011-04-05 20:30:50 ----D---- C:\Windows\temp
2011-04-05 20:17:21 ----A---- C:\Windows\zip.exe
2011-04-05 20:17:21 ----A---- C:\Windows\SWSC.exe
2011-04-05 20:17:21 ----A---- C:\Windows\SWREG.exe
2011-04-05 20:17:21 ----A---- C:\Windows\sed.exe
2011-04-05 20:17:21 ----A---- C:\Windows\PEV.exe
2011-04-05 20:17:21 ----A---- C:\Windows\NIRCMD.exe
2011-04-05 20:17:21 ----A---- C:\Windows\MBR.exe
2011-04-05 20:17:21 ----A---- C:\Windows\grep.exe
2011-04-05 20:17:12 ----D---- C:\Windows\ERDNT
2011-04-05 20:15:29 ----D---- C:\Qoobox
2011-04-05 20:15:11 ----A---- C:\Windows\SWXCACLS.exe
2011-04-05 19:50:31 ----RAD---- C:\autorun.inf
2011-04-05 19:19:09 ----D---- C:\Program Files\SkanerOnline
2011-03-30 12:56:56 ----D---- C:\Windows\system32\5PUPRPPPPPfmis
2011-03-30 12:56:56 ----D---- C:\Windows\5PUPRPPPPPfmis
2011-03-30 12:54:53 ----D---- C:\Windows\system32\5PUPQPPPPPfmis
2011-03-30 12:54:53 ----D---- C:\Windows\5PUPQPPPPPfmis
2011-03-28 13:28:34 ----D---- C:\Program Files\PITy
2011-03-25 15:17:56 ----D---- C:\ProgramData\e-file
2011-03-25 15:17:56 ----D---- C:\Program Files\e-file
2011-03-22 15:10:09 ----D---- C:\Windows\system32\4PUPsclpQattis
2011-03-22 15:10:09 ----D---- C:\Windows\4PUPsclpQattis
2011-03-18 17:57:33 ----D---- C:\Program Files\Rockstar Games
2011-03-15 12:11:53 ----D---- C:\ProgramData\Adaptive Server Anywhere 9
2011-03-15 12:08:25 ----D---- C:\Windows\system32\5PUPTPQWQattis
2011-03-15 12:08:25 ----D---- C:\Windows\5PUPTPQWQattis
2011-03-15 12:08:25 ----D---- C:\AX NF ZZ
2011-03-15 12:01:22 ----D---- C:\Program Files\PKWARE
2011-03-15 12:01:22 ----D---- C:\Program Files\Common Files\PKWARE
2011-03-15 11:31:40 ----D---- C:\Program Files\Siemens
2011-03-15 11:31:40 ----D---- C:\Program Files\Common Files\Siemens
2011-03-15 11:28:40 ----A---- C:\Windows\ISScript_aux_log.txt
2011-03-15 11:28:36 ----D---- C:\Windows\TempRASETUP
2011-03-15 11:26:53 ----D---- C:\ProgramData\Siemens
2011-03-14 16:24:59 ----AH---- C:\Windows\system32\winio.sys
2011-03-09 17:20:51 ----A---- C:\Windows\system32\eax.dll
2011-03-09 17:20:47 ----D---- C:\Windows\system32\embedded
2011-03-08 20:54:04 ----A---- C:\Windows\system32\glut32.dll

======List of files/folders modified in the last 1 months======

2011-04-06 09:58:07 ----D---- C:\Program Files
2011-04-06 09:51:49 ----D---- C:\Windows\System32
2011-04-06 09:51:49 ----D---- C:\Windows\inf
2011-04-06 09:51:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-06 00:27:06 ----D---- C:\Windows\system32\drivers
2011-04-06 00:27:06 ----D---- C:\Windows\Downloaded Installations
2011-04-05 21:19:08 ----D---- C:\ProgramData
2011-04-05 20:33:32 ----D---- C:\Windows
2011-04-05 20:33:32 ----A---- C:\Windows\system.ini
2011-04-05 20:33:21 ----D---- C:\Windows\system32\drivers\etc
2011-04-05 20:33:05 ----A---- C:\Windows\system32\acovcnt.exe
2011-04-05 20:31:22 ----D---- C:\Windows\system32\config
2011-04-05 20:25:30 ----D---- C:\Windows\AppPatch
2011-04-05 20:25:29 ----D---- C:\Program Files\Common Files
2011-04-05 19:50:19 ----D---- C:\Windows\Prefetch
2011-04-05 19:19:09 ----SD---- C:\Windows\Downloaded Program Files
2011-04-04 13:24:15 ----SHD---- C:\System Volume Information
2011-04-01 13:36:09 ----D---- C:\Windows\system32\LogFiles
2011-03-29 18:08:02 ----D---- C:\Windows\system32\catroot2
2011-03-27 15:06:30 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-27 15:06:30 ----D---- C:\Program Files\ASUS
2011-03-24 20:36:47 ----D---- C:\Program Files\Mozilla Firefox
2011-03-20 21:14:06 ----D---- C:\Users\Grzegorz\AppData\Roaming\Skype
2011-03-19 09:44:48 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-18 20:02:06 ----SHD---- C:\Windows\Installer
2011-03-17 00:56:27 ----D---- C:\Program Files\Nowe Gadu-Gadu
2011-03-16 20:03:30 ----D---- C:\Users\Grzegorz\AppData\Roaming\uTorrent
2011-03-16 19:26:54 ----D---- C:\Windows\pss
2011-03-15 12:06:20 ----D---- C:\Windows\Setup
2011-03-15 11:44:57 ----D---- C:\Windows\system32\catroot
2011-03-15 11:37:42 ----D---- C:\Windows\winsxs
2011-03-15 11:28:24 ----D---- C:\Windows\security
2011-03-11 16:00:18 ----AD---- C:\ProgramData\Temp
2011-03-07 12:39:41 ----D---- C:\dddd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2009-07-04 30264]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-11 329752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-09-26 721904]
R1 ABTDI;ABTDI; \??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-26 51208]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2010-03-11 16688]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-10-10 278984]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-10-10 25416]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP); C:\Windows\system32\DRIVERS\s7opcsrtx.sys [2010-06-07 31744]
R2 s7snsrtx;PROFINET IO RT-Protocol V1.0; C:\Windows\system32\DRIVERS\s7snsrtx.sys [2009-02-24 73088]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO); C:\Windows\system32\DRIVERS\sntie.sys [2010-01-24 336128]
R3 ABndisMP;ABndisMP; C:\Windows\system32\DRIVERS\abndis.sys [2009-12-01 34384]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ABFLT;ArcaBit File Monitor Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys [2010-10-06 51792]
S3 ABndis;ABndis Service; C:\Windows\system32\DRIVERS\abndis.sys [2009-12-01 34384]
S3 aqacwmu8;aqacwmu8; C:\Windows\system32\drivers\aqacwmu8.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101760]
S3 jgameenp;jgameenp; \??\C:\Users\Grzegorz\AppData\Local\Temp\jgameenp.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000]
S3 WINIO;WINIO; \??\C:\Windows\system32\winio.sys [2001-11-13 41324]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 almservice;Automation License Manager Service; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [2010-05-06 1102848]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-28 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2009-04-15 271760]
R2 s7hspsvx;S7 HSP Service; C:\Program Files\Siemens\Step7\s7bin\s7hspsvx.exe [2010-06-02 61493]
R2 s7oiehsx;SIMATIC IEPG Help Service; C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2010-06-07 1576072]
R2 S7TraceServiceX;S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2010-06-07 240776]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator; C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2010-02-05 207440]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService; C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2009-09-11 248400]
S3 fsssvc;Bezpieczeñstwo rodzinne us³ugi Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 ABMainSV;ArcaBit Main Service; C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe [2010-06-09 122152]
S4 ArcaRemoteService;ArcaBit Control; C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [2010-06-09 277072]
S4 AVTasks2;ArcaBit Tasks Service; C:\Program Files\ArcaBit\Common\ArcaTasksService.exe [2010-04-28 96848]
S4 AVUpdate;ArcaBit Update Service; C:\Program Files\ArcaBit\ArcaUpdate\update.exe [2010-05-24 117328]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; D:\Programy\Visual studio_2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------