Logs - Pop-up ads in IE


  • Closed: this topic is closed
3 replies in this topic

#1 JamesBond

    New

  • 2 posts

Posted 24 10 2010 - 20:52

Hello!

For about two days I have had a problem with pop-up ads in IE. During normal use of the computer, the same two ads always appear in new IE windows (or "file not found"). After I close them, they reappear after about 10-20 minutes. Can anyone help me? I am posting the logs... Thanks in advance.

OTL Extras logfile created on: 2010-10-24 18:28:57 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Kuba\Desktop\Log
An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,37 Gb Total Space | 237,26 Gb Free Space | 82,56% Space Free | Partition Type: NTFS
Drive D: | 10,71 Gb Total Space | 9,90 Gb Free Space | 92,47% Space Free | Partition Type: FAT32
Drive E: | 225,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KUBUSPUCHATEK | User Name: Kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera 11.00 alpha\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770D94F9-211A-4BC7-9921-FC946ABD82C8}_is1" = HomeBank 4.3
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0415-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Polish) 2007
"{90120000-0017-0415-0000-0000000FF1CE}_OMUI.pl-pl_{A740A405-DDE4-461F-AC66-6C79E81C87BE}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.pl-pl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_OMUI.pl-pl_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_OMUI.pl-pl_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0415-0000-0000000FF1CE}" = Microsoft Office O MUI (Polish) 2007
"{90120000-0100-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0415-0000-0000000FF1CE}" = Microsoft Office X MUI (Polish) 2007
"{90120000-0101-0415-0000-0000000FF1CE}_OMUI.pl-pl_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5096D00-8B9C-41DB-8472-9D721E982DF0}" = Podstawowe programy Windows Live
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E580DFEA-3F1D-4B56-9115-984217032FF5}" = Windows Live Sync
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.13 beta
"Abe's Oddysee" = Abe's Oddysee
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"avast5" = avast! Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EssentialPIM" = EssentialPIM
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"Football Manager 2010" = Football Manager 2010
"Foxit Reader" = Foxit Reader
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OMUI.pl-pl" = Microsoft Office Language Pack 2007 - Polish/Polski
"Opera 11.00.1029" = Opera 11.00 alpha build 1029
"Pimero 2010 R1 Free Edition_is1" = Pimero 2010 R1 Free Edition
"RealAlt_is1" = Real Alternative 2.0.2
"scilab-5.2.2_is1" = scilab-5.2.2
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Windows7_Key_Changer Trial_is1" = Windows7_Key_Changer 1.0.0
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eBook Reader" = eBook Reader

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

OTL logfile created on: 2010-10-24 18:28:57 - Run 1OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Kuba\Desktop\Log An unknown product  (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 287,37 Gb Total Space | 237,26 Gb Free Space | 82,56% Space Free | Partition Type: NTFSDrive D: | 10,71 Gb Total Space | 9,90 Gb Free Space | 92,47% Space Free | Partition Type: FAT32Drive E: | 225,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFSDrive F: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBUSPUCHATEK | User Name: Kuba | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exePRC - [2010-10-23 19:20:06 | 000,274,432 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kuba\AppData\Local\Temp\Ds0.exePRC - [2010-10-23 19:20:03 | 000,266,240 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Kuba\AppData\Local\Temp\Dsz.exePRC - [2010-10-08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exePRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exePRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exePRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exePRC - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exePRC - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exePRC - [2010-02-28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXEPRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exePRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exePRC - [2009-11-26 15:52:04 | 001,732,608 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exePRC - [2009-11-23 15:00:48 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exePRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2009-10-26 14:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exePRC - [2009-10-16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exePRC - [2009-09-11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exePRC - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exePRC - [2009-08-02 16:05:24 | 002,348,320 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exePRC - [2009-08-02 16:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2009-08-02 16:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exePRC - [2009-07-20 17:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exePRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2008-06-13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exePRC - [2008-06-13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe  ========== Modules (SafeList) ========== MOD - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exeMOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dllMOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dllMOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dllMOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dllMOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dllMOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dllMOD - [2009-07-14 03:15:35 | 
000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dllMOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dllMOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dllMOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dllMOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll  ========== Win32 Services (SafeList) ========== SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2010-05-22 15:17:41 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)SRV - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)SRV - [2009-08-02 16:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll 
-- (PNRPAutoReg)SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)SRV - [2008-06-13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)SRV - [2008-06-13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)  ========== Driver Services (SafeList) ========== DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2010-09-07 16:52:03 | 000,165,584 
| ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2010-05-22 11:03:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)DRV - [2010-01-29 02:46:18 | 000,997,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)DRV - [2009-12-11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)DRV - [2009-11-25 10:42:38 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)DRV - [2009-11-25 10:41:20 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)DRV - [2009-11-25 10:41:20 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)DRV - [2009-11-25 10:41:18 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)DRV - [2009-11-25 10:40:50 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)DRV - [2009-11-23 14:59:56 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2009-08-12 14:19:18 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)DRV - [2009-08-07 16:16:00 | 009,824,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)DRV - [2009-07-27 23:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)DRV - [2009-07-20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)DRV - [2009-07-14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)DRV - [2009-07-14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)DRV - [2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)DRV - [2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)DRV - [2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)DRV - [2009-07-14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)DRV - 
[2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)DRV - [2009-07-14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)DRV - [2009-07-14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)DRV - [2009-07-14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2009-07-14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)DRV - [2009-07-14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)DRV - [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)DRV - [2009-07-14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)DRV - [2009-07-14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)DRV - [2009-07-14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)DRV - [2009-07-14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)DRV - [2009-07-06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)DRV - [2009-06-29 08:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - 
HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-05-22 17:22:15 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-05-22 17:22:16 | 000,000,000 | ---D | M]  O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)O4 - HKCU..\Run: []  File not foundO4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)O4 - HKCU..\Run: [EssentialPIM] C:\Program Files\EssentialPIM\EssentialPIM.exe ()O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Kuba\AppData\Local\Temp\Ds0.exe (Trend Micro Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not foundO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun 
File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010-03-03 18:55:44 | 001,797,208 | RH-- | M] () - E:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2010-03-03 18:55:44 | 000,000,049 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2009-07-30 10:30:42 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ CDFS ]O32 - AutoRun File - [2008-11-27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ CDFS ]O32 - AutoRun File - [2006-09-11 15:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]O33 - MountPoints2\{1e1753ce-6581-11df-ad64-1c4bd603034d}\Shell - "" = AutoRunO33 - MountPoints2\{1e1753ce-6581-11df-ad64-1c4bd603034d}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2008-11-27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive)O33 - MountPoints2\{30a45654-d839-11df-bce6-485b3911ef1d}\Shell - "" = AutoRunO33 - MountPoints2\{30a45654-d839-11df-bce6-485b3911ef1d}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010-03-03 18:55:44 | 001,797,208 | RH-- | M] ()O34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-10-24 18:17:09 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Log[2010-10-24 15:35:25 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\homebank[2010-10-24 15:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\HomeBank[2010-10-24 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\soft-evolution[2010-10-24 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PimeroUpdater[2010-10-24 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\soft-evolution[2010-10-24 12:47:10 | 000,462,848 | ---- | C] (IBPhoenix) -- C:\Windows\System32\Firebird2Control.cpl[2010-10-24 12:47:02 | 000,000,000 | ---D 
| C] -- C:\Program Files\Firebird[2010-10-24 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pimero 2010 Free Edition[2010-10-23 19:17:04 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\49324C827201EF9E1ED1347BA5FD4061[2010-10-22 12:53:46 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Scilab[2010-10-22 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\scilab-5.2.2[2010-10-21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera 11.00 alpha[2010-10-16 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications[2010-10-16 15:47:11 | 000,110,592 | ---- | C] (RCTech Labs) -- C:\Windows\System32\glxpbuttonz.ocx[2010-10-16 15:47:11 | 000,036,864 | ---- | C] (MoonValleySoft.com) -- C:\Windows\System32\MD5.ocx[2010-10-16 15:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7_Key_Changer[2010-10-16 13:40:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\SoftGrid Client[2010-10-16 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\SoftGrid Client[2010-10-16 13:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER[2010-10-16 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client[2010-10-16 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\TP[2010-10-13 14:01:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2010-10-13 14:01:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll[2010-10-13 14:01:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll[2010-10-13 14:01:41 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll[2010-10-13 14:01:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll[2010-10-13 14:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll[2010-10-13 14:01:40 | 000,386,048 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\html.iec[2010-10-13 14:01:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll[2010-10-13 14:01:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2010-10-13 14:01:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe[2010-10-13 14:01:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2010-10-13 14:01:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll[2010-10-13 14:01:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll[2010-10-13 14:01:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll[2010-10-13 14:01:25 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys[2010-10-13 14:01:12 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL[2010-10-13 14:01:09 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll[2010-10-13 14:01:08 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll[2010-10-12 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2010-10-12 17:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime[2010-10-12 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2010-10-12 17:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari[2010-10-08 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2010-10-08 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe[2010-10-06 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\eBook Reader[2010-10-03 18:36:28 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll[2010-10-03 18:36:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5016.dll[2010-10-03 18:36:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll[2010-10-03 18:36:27 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll[2010-10-03 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative[2010-09-29 20:22:26 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys[2010-09-29 19:27:59 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Behavioural Finance[2010-09-29 19:27:21 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Financial Institutions[2010-09-29 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Corporate Financial Management[2010-09-29 15:37:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll[2010-09-28 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Quant. Methods[2010-09-26 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Adobe ========== Files - Modified Within 30 Days ========== [2010-10-24 18:30:10 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job[2010-10-24 18:29:59 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job[2010-10-24 18:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2010-10-24 15:37:05 | 000,000,257 | ---- | M] () -- C:\Users\Kuba\untitled.xhb[2010-10-24 15:37:05 | 000,000,218 | ---- | M] () -- C:\Users\Kuba\.recently-used.xbel[2010-10-24 15:33:26 | 000,014,736 | ---- | M] () -- C:\Users\Kuba\Desktop\ST.GALLEN.xlsx[2010-10-24 12:47:00 | 000,001,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pimero.lnk[2010-10-24 11:12:44 | 000,691,620 | ---- | M] () -- C:\Windows\System32\perfh015.dat[2010-10-24 11:12:44 | 000,610,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2010-10-24 11:12:44 | 000,132,824 | ---- | 
M] () -- C:\Windows\System32\perfc015.dat[2010-10-24 11:12:44 | 000,104,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2010-10-24 11:06:44 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys[2010-10-23 11:37:08 | 017,932,751 | ---- | M] () -- C:\Users\Kuba\Desktop\07102010013.mp4[2010-10-23 11:33:04 | 005,015,530 | ---- | M] () -- C:\Users\Kuba\Desktop\07102010014.mp4[2010-10-23 11:24:29 | 023,577,062 | ---- | M] () -- C:\Users\Kuba\Desktop\14102010016.mp4[2010-10-22 14:42:58 | 000,414,708 | ---- | M] () -- C:\Users\Kuba\Desktop\21102010170.jpg[2010-10-21 19:41:52 | 072,987,453 | ---- | M] () -- C:\Users\Kuba\Desktop\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe[2010-10-20 14:23:18 | 000,356,451 | ---- | M] () -- C:\Users\Kuba\Desktop\CSC-HSG Cover Letter Example.pdf[2010-10-19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2010-10-18 23:20:33 | 000,012,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2010-10-18 23:20:33 | 000,012,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2010-10-17 23:03:44 | 000,001,542 | ---- | M] () -- C:\Users\Kuba\Documents\ax_files.xml[2010-10-14 22:35:57 | 235,933,696 | ---- | M] () -- C:\Users\Kuba\Desktop\E.v.i.e.w.s 7 Full.iso[2010-10-14 06:57:21 | 000,411,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2010-10-13 18:53:24 | 009,310,270 | ---- | M] () -- C:\Users\Kuba\Desktop\Business Analysis and Valuation Test and Cases.pdf[2010-10-03 20:07:27 | 000,012,800 | ---- | M] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010-10-24 15:37:05 | 000,000,257 | ---- | C] () -- C:\Users\Kuba\untitled.xhb[2010-10-24 15:37:05 | 000,000,218 | ---- | C] () -- C:\Users\Kuba\.recently-used.xbel[2010-10-24 12:47:00 | 000,001,097 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pimero.lnk[2010-10-23 19:20:14 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job[2010-10-23 19:20:09 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job[2010-10-23 11:33:39 | 017,932,751 | ---- | C] () -- C:\Users\Kuba\Desktop\07102010013.mp4[2010-10-23 11:32:05 | 005,015,530 | ---- | C] () -- C:\Users\Kuba\Desktop\07102010014.mp4[2010-10-23 11:19:52 | 023,577,062 | ---- | C] () -- C:\Users\Kuba\Desktop\14102010016.mp4[2010-10-22 14:42:53 | 000,414,708 | ---- | C] () -- C:\Users\Kuba\Desktop\21102010170.jpg[2010-10-21 19:39:44 | 072,987,453 | ---- | C] () -- C:\Users\Kuba\Desktop\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe[2010-10-20 14:23:17 | 000,356,451 | ---- | C] () -- C:\Users\Kuba\Desktop\CSC-HSG Cover Letter Example.pdf[2010-10-14 22:30:04 | 235,933,696 | ---- | C] () -- C:\Users\Kuba\Desktop\E.v.i.e.w.s 7 Full.iso[2010-10-13 18:53:23 | 009,310,270 | ---- | C] () -- C:\Users\Kuba\Desktop\Business Analysis and Valuation Test and Cases.pdf[2010-09-23 19:12:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010-05-22 11:03:35 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2010-05-20 20:43:19 | 000,012,800 | ---- | C] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-05-20 20:42:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll[2010-05-20 20:42:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini[2010-05-20 20:42:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll[2010-05-20 20:42:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll[2010-05-20 20:42:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll[2010-05-20 16:05:12 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys[2010-05-20 15:41:12 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini[2010-05-20 
15:33:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll< End of report >PRC - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exePRC - [2010-10-23 19:20:03 | 000,266,240 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kuba\AppData\Local\Temp\Dsz.exePRC - [2010-10-08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exePRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exePRC - [2010-02-28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXEPRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exePRC - [2009-11-26 15:52:04 | 001,732,608 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exePRC - [2009-11-23 15:00:48 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exePRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2009-08-02 16:05:24 | 002,348,320 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exePRC - [2009-08-02 16:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2009-07-20 17:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exePRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe  ========== Modules (SafeList) ========== MOD - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exeMOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dllMOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dllMOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dllMOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dllMOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dllMOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dllMOD - [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dllMOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dllMOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dllMOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dllMOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll  ========== Win32 Services (SafeList) ========== SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Web Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2010-05-22 15:17:41 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)SRV - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)SRV - [2009-08-02 16:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll 
-- (PNRPAutoReg)SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)SRV - [2008-06-13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)SRV - [2008-06-13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)  ========== Driver Services (SafeList) ========== DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2010-09-07 16:52:03 | 000,165,584 
| ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2010-05-22 11:03:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)DRV - [2010-01-29 02:46:18 | 000,997,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)DRV - [2009-12-11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)DRV - [2009-11-25 10:42:38 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)DRV - [2009-11-25 10:41:20 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)DRV - [2009-11-25 10:41:20 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)DRV - [2009-11-25 10:41:18 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)DRV - [2009-11-25 10:40:50 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)DRV - [2009-11-23 14:59:56 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2009-08-12 14:19:18 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)DRV - [2009-08-07 16:16:00 | 009,824,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)DRV - [2009-07-27 23:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)DRV - [2009-07-20 17:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)DRV - [2009-07-14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)DRV - [2009-07-14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)DRV - [2009-07-14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)DRV - [2009-07-14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)DRV - [2009-07-14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)DRV - [2009-07-14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)DRV - 
[2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)DRV - [2009-07-14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)DRV - [2009-07-14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)DRV - [2009-07-14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2009-07-14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)DRV - [2009-07-14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)DRV - [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)DRV - [2009-07-14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)DRV - [2009-07-14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)DRV - [2009-07-14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)DRV - [2009-07-14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)DRV - [2009-07-06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)DRV - [2009-06-29 08:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - 
HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-05-22 17:22:15 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-05-22 17:22:16 | 000,000,000 | ---D | M]  O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)O4 - HKCU..\Run: []  File not foundO4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)O4 - HKCU..\Run: [EssentialPIM] C:\Program Files\EssentialPIM\EssentialPIM.exe ()O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Kuba\AppData\Local\Temp\Ds0.exe (Trend Micro Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not foundO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun 
File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2010-03-03 18:55:44 | 001,797,208 | RH-- | M] () - E:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2010-03-03 18:55:44 | 000,000,049 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2009-07-30 10:30:42 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ CDFS ]O32 - AutoRun File - [2008-11-27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ CDFS ]O32 - AutoRun File - [2006-09-11 15:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]O33 - MountPoints2\{1e1753ce-6581-11df-ad64-1c4bd603034d}\Shell - "" = AutoRunO33 - MountPoints2\{1e1753ce-6581-11df-ad64-1c4bd603034d}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2008-11-27 14:02:24 | 000,214,280 | R--- | M] (Sports Interactive)O33 - MountPoints2\{30a45654-d839-11df-bce6-485b3911ef1d}\Shell - "" = AutoRunO33 - MountPoints2\{30a45654-d839-11df-bce6-485b3911ef1d}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010-03-03 18:55:44 | 001,797,208 | RH-- | M] ()O34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-10-24 18:17:09 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Log[2010-10-24 15:35:25 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\homebank[2010-10-24 15:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\HomeBank[2010-10-24 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\soft-evolution[2010-10-24 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PimeroUpdater[2010-10-24 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\soft-evolution[2010-10-24 12:47:10 | 000,462,848 | ---- | C] (IBPhoenix) -- C:\Windows\System32\Firebird2Control.cpl[2010-10-24 12:47:02 | 000,000,000 | ---D 
| C] -- C:\Program Files\Firebird[2010-10-24 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pimero 2010 Free Edition[2010-10-23 19:17:04 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\49324C827201EF9E1ED1347BA5FD4061[2010-10-22 12:53:46 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Scilab[2010-10-22 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\scilab-5.2.2[2010-10-21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Opera 11.00 alpha[2010-10-16 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications[2010-10-16 15:47:11 | 000,110,592 | ---- | C] (RCTech Labs) -- C:\Windows\System32\glxpbuttonz.ocx[2010-10-16 15:47:11 | 000,036,864 | ---- | C] (MoonValleySoft.com) -- C:\Windows\System32\MD5.ocx[2010-10-16 15:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7_Key_Changer[2010-10-16 13:40:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\SoftGrid Client[2010-10-16 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\SoftGrid Client[2010-10-16 13:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER[2010-10-16 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client[2010-10-16 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\TP[2010-10-13 14:01:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2010-10-13 14:01:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll[2010-10-13 14:01:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll[2010-10-13 14:01:41 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll[2010-10-13 14:01:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll[2010-10-13 14:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll[2010-10-13 14:01:40 | 000,386,048 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\html.iec[2010-10-13 14:01:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll[2010-10-13 14:01:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2010-10-13 14:01:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe[2010-10-13 14:01:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2010-10-13 14:01:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll[2010-10-13 14:01:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll[2010-10-13 14:01:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll[2010-10-13 14:01:25 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys[2010-10-13 14:01:12 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL[2010-10-13 14:01:09 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll[2010-10-13 14:01:08 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll[2010-10-12 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2010-10-12 17:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime[2010-10-12 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2010-10-12 17:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari[2010-10-08 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2010-10-08 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe[2010-10-06 20:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\eBook Reader[2010-10-03 18:36:28 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll[2010-10-03 18:36:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5016.dll[2010-10-03 18:36:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll[2010-10-03 18:36:27 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll[2010-10-03 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative[2010-09-29 20:22:26 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys[2010-09-29 19:27:59 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Behavioural Finance[2010-09-29 19:27:21 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Financial Institutions[2010-09-29 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Corporate Financial Management[2010-09-29 15:37:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll[2010-09-28 22:21:46 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Quant. Methods[2010-09-26 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Adobe ========== Files - Modified Within 30 Days ========== [2010-10-24 18:30:10 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job[2010-10-24 18:29:59 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job[2010-10-24 18:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2010-10-24 15:37:05 | 000,000,257 | ---- | M] () -- C:\Users\Kuba\untitled.xhb[2010-10-24 15:37:05 | 000,000,218 | ---- | M] () -- C:\Users\Kuba\.recently-used.xbel[2010-10-24 15:33:26 | 000,014,736 | ---- | M] () -- C:\Users\Kuba\Desktop\ST.GALLEN.xlsx[2010-10-24 12:47:00 | 000,001,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pimero.lnk[2010-10-24 11:12:44 | 000,691,620 | ---- | M] () -- C:\Windows\System32\perfh015.dat[2010-10-24 11:12:44 | 000,610,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2010-10-24 11:12:44 | 000,132,824 | ---- | 
M] () -- C:\Windows\System32\perfc015.dat[2010-10-24 11:12:44 | 000,104,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2010-10-24 11:06:44 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys[2010-10-23 11:37:08 | 017,932,751 | ---- | M] () -- C:\Users\Kuba\Desktop\07102010013.mp4[2010-10-23 11:33:04 | 005,015,530 | ---- | M] () -- C:\Users\Kuba\Desktop\07102010014.mp4[2010-10-23 11:24:29 | 023,577,062 | ---- | M] () -- C:\Users\Kuba\Desktop\14102010016.mp4[2010-10-22 14:42:58 | 000,414,708 | ---- | M] () -- C:\Users\Kuba\Desktop\21102010170.jpg[2010-10-21 19:41:52 | 072,987,453 | ---- | M] () -- C:\Users\Kuba\Desktop\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe[2010-10-20 14:23:18 | 000,356,451 | ---- | M] () -- C:\Users\Kuba\Desktop\CSC-HSG Cover Letter Example.pdf[2010-10-19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe[2010-10-18 23:20:33 | 000,012,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2010-10-18 23:20:33 | 000,012,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2010-10-17 23:03:44 | 000,001,542 | ---- | M] () -- C:\Users\Kuba\Documents\ax_files.xml[2010-10-14 22:35:57 | 235,933,696 | ---- | M] () -- C:\Users\Kuba\Desktop\E.v.i.e.w.s 7 Full.iso[2010-10-14 06:57:21 | 000,411,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2010-10-13 18:53:24 | 009,310,270 | ---- | M] () -- C:\Users\Kuba\Desktop\Business Analysis and Valuation Test and Cases.pdf[2010-10-03 20:07:27 | 000,012,800 | ---- | M] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010-10-24 15:37:05 | 000,000,257 | ---- | C] () -- C:\Users\Kuba\untitled.xhb[2010-10-24 15:37:05 | 000,000,218 | ---- | C] () -- C:\Users\Kuba\.recently-used.xbel[2010-10-24 12:47:00 | 000,001,097 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pimero.lnk[2010-10-23 19:20:14 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job[2010-10-23 19:20:09 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job[2010-10-23 11:33:39 | 017,932,751 | ---- | C] () -- C:\Users\Kuba\Desktop\07102010013.mp4[2010-10-23 11:32:05 | 005,015,530 | ---- | C] () -- C:\Users\Kuba\Desktop\07102010014.mp4[2010-10-23 11:19:52 | 023,577,062 | ---- | C] () -- C:\Users\Kuba\Desktop\14102010016.mp4[2010-10-22 14:42:53 | 000,414,708 | ---- | C] () -- C:\Users\Kuba\Desktop\21102010170.jpg[2010-10-21 19:39:44 | 072,987,453 | ---- | C] () -- C:\Users\Kuba\Desktop\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe[2010-10-20 14:23:17 | 000,356,451 | ---- | C] () -- C:\Users\Kuba\Desktop\CSC-HSG Cover Letter Example.pdf[2010-10-14 22:30:04 | 235,933,696 | ---- | C] () -- C:\Users\Kuba\Desktop\E.v.i.e.w.s 7 Full.iso[2010-10-13 18:53:23 | 009,310,270 | ---- | C] () -- C:\Users\Kuba\Desktop\Business Analysis and Valuation Test and Cases.pdf[2010-09-23 19:12:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010-05-22 11:03:35 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2010-05-20 20:43:19 | 000,012,800 | ---- | C] () -- C:\Users\Kuba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-05-20 20:42:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll[2010-05-20 20:42:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini[2010-05-20 20:42:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll[2010-05-20 20:42:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll[2010-05-20 20:42:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll[2010-05-20 16:05:12 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys[2010-05-20 15:41:12 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini[2010-05-20 
15:33:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll< End of report >

GMER 1.0.15.15477 - http://www.gmer.netRootkit scan 2010-10-24 20:44:41Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\axrcrkoc.sys---- System - GMER 1.0.15 ----Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwCreateProcessEx [0x889DCBAE]Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwCreateSection [0x889DC9D2]Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwLoadDriver [0x889DCB0C]Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 NtCreateSectionCode            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ObMakeTemporaryObject---- Kernel code sections - GMER 1.0.15 ----.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                       82C85599 1 Byte  [06].text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                82CA9F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                             82DE3291 7 Bytes  JMP 889DCB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                    82E4AFBF 5 Bytes  JMP 889D85D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software)PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                      82E64CF3 5 Bytes  JMP 889DA012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)PAGE            ntkrnlpa.exe!NtCreateSection                                                                                          82E72D63 7 Bytes  JMP 889DC9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                        82F1CEAC 7 Bytes  JMP 889DCBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)?               System32\Drivers\spgi.sys                                                                                             System nie może odnaleźć określonej ścieżki. !.text           USBPORT.SYS!DllUnload                                                                                                 8EB28CA0 5 Bytes  JMP 8610F4E0 .text           av47yfff.SYS                                                                                                          8F353000 12 Bytes  [44, 08, C1, 82, EE, 06, C1, ...].text           av47yfff.SYS                                                                                                          8F35300D 9 Bytes  [E7, C0, 82, 48, 0B, C1, 82, ...] {OUT 0xc0, EAX; OR BYTE [EAX+0xb], -0x3f; ADD BYTE [EAX], 0x0}.text           av47yfff.SYS                                                                                                          8F353017 170 Bytes  [00, DE, 67, 38, 88, E6, 65, ...].text           av47yfff.SYS                                                                                                          8F3530C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] 
{ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}.text           av47yfff.SYS                                                                                                          8F3530CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}.text           ...                                                                                                                   ---- User code sections - GMER 1.0.15 ----.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter                    75863162 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }---- Kernel IAT/EAT - GMER 1.0.15 ----IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                              [8828A042] \SystemRoot\System32\Drivers\spgi.sysIAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                             [8828A6D6] \SystemRoot\System32\Drivers\spgi.sysIAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                      [8828A800] \SystemRoot\System32\Drivers\spgi.sysIAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                       [8828A13E] \SystemRoot\System32\Drivers\spgi.sysIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortNotification]                                            000003E3IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortQuerySystemTime]                                         8B24568BIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortReadPortUchar]                                           50522046IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortStallExecution]                                          FFED23E8IAT             
\SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortWritePortUchar]                                          08C483FFIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortWritePortUlong]                                          0874FF85IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                      FF53006AIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                           08C483D7IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                    81107D8BIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortGetParentBusType]                                        [0003E5FF] \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortRequestCallback]                                         0F840F00IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                   81000001IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                    [0003E3FF] \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortCompleteRequest]                                         EC840F00IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortCopyMemory]                                              8B000000IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortEtwTraceLog]                                             0001F88EIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                               FC8E0B00IAT             
\SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                  0F000001IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                    0000DA84IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                    ECF2E800IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortInitialize]                                              8E8BFFFFIAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortGetDeviceBase]                                           000001F8IAT             \SystemRoot\System32\Drivers\av47yfff.SYS[ataport.SYS!AtaPortDeviceStateChange]                                       01E08E01---- Devices - GMER 1.0.15 ----Device          \FileSystem\Ntfs \Ntfs                                                                                                84CD41F8Device          \FileSystem\fastfat \FatCdrom                                                                                         8610D1F8Device          \Driver\NetBT \Device\NetBT_Tcpip_{FE41022E-2D52-42C3-A832-58E432BE5B85}                                              86020500AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                               Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                               Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)Device          \Driver\volmgr \Device\VolMgrControl                                                                                  84CD01F8Device          \Driver\usbohci \Device\USBPDO-0                                                                         
861101F8
Device          \Driver\usbehci \Device\USBPDO-1  861121F8
Device          \Driver\usbohci \Device\USBPDO-2  861101F8
Device          \Driver\usbehci \Device\USBPDO-3  861121F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{6B539EA0-46CE-42BA-96B1-D64FA12527F9}  86020500
AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device          \Driver\volmgr \Device\HarddiskVolume1  84CD01F8
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\volmgr \Device\HarddiskVolume2  84CD01F8
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\cdrom \Device\CdRom0  86B47500
Device          \Driver\ACPI_HAL \Device\00000059  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  84CD21F8
Device          \Driver\atapi \Device\Ide\IdePort0  84CD21F8
Device          \Driver\atapi \Device\Ide\IdePort1  84CD21F8
Device          \Driver\cdrom \Device\CdRom1  86B47500
Device          \Driver\PCI_PNP8704 \Device\00000067  spgi.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export  86020500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{B5047529-381B-48C9-808D-16839F276499}  86020500
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device          \Driver\sptd \Device\1415952704  spgi.sys
Device          \Driver\usbohci \Device\USBFDO-0  861101F8
Device          \Driver\usbehci \Device\USBFDO-1  861121F8
Device          \Driver\usbohci \Device\USBFDO-2  861101F8
Device          \Driver\usbehci \Device\USBFDO-3  861121F8
Device          \Driver\av47yfff \Device\Scsi\av47yfff1Port2Path0Target1Lun0  86250500
Device          \Driver\av47yfff \Device\Scsi\av47yfff1Port2Path0Target0Lun0  86250500
Device          \Driver\av47yfff \Device\Scsi\av47yfff1  86250500
Device          \FileSystem\fastfat \Fat  8610D1F8
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
Device          \FileSystem\cdfs \Cdfs  9E72E1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd603034d
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0xFA 0x74 0x90 0x14 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0x02 0xE2 0x9F 0x47 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xAB 0xA7 0x45 0xBC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew  0xBF 0xF9 0x38 0xB6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd603034d (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0  C:\Program Files\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0  0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew  0xFA 0x74 0x90 0x14 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew  0x02 0xE2 0x9F 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew  0xAB 0xA7 0x45 0xBC ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew  0xBF 0xF9 0x38 0xB6 ...

---- EOF - GMER 1.0.15 ----

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount" ["Alcohol Soft Development Team"]
"(Default)" = "(empty string)" [file not found]
"EssentialPIM" = ""C:\Program Files\EssentialPIM\EssentialPIM.exe" /autorun" [null data]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"KOO9RV9K4Z" = "C:\Users\Kuba\AppData\Local\Temp\Ds0.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" ["Realtek Semiconductor"]
"HotkeyMon" = "AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe" ["ASUSTek Computer Inc."]
"HotkeyService" = "AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe" ["ASUSTek Computer Inc."]
"SuperHybridEngine" = "AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe" ["ASUSTek Computer Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"SynAsusAcpi" = "C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe"
"EeeStorageBackup" = "C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"avast5" = ""C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui" ["AVAST Software"]
"NokiaMServer" = "C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup" ["Nokia"]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = "SkypeIEPluginBHO"
  -> {HKLM...CLSID} = "Skype add-on for Internet Explorer"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
AsusWSShellExt_B\(Default) = "{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
  -> {HKLM...CLSID} = "AsusWSShellExt_B Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL" ["eCareme Technologies, Inc."]
AsusWSShellExt_O\(Default) = "{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
  -> {HKLM...CLSID} = "AsusWSShellExt_O Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL" ["eCareme Technologies, Inc."]
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics Incorporated"]
"{b1b96b20-da1d-4a3c-92c1-7229b32f2325}" = "BackupContextMenuExtension"
  -> {HKLM...CLSID} = "XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension"
                   \InProcServer32\(Default) = "mscoree.dll" [MS]
"{d6044399-0b9e-4084-a9ac-c4b7c7800fcf}" = "FolderItem"
  -> {HKLM...CLSID} = "ASUS WebStorage"
                   \InProcServer32\(Default) = "mscoree.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" = "NVIDIA Play On My TV Context Menu Extension"
  -> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
  -> {HKLM...CLSID} = "Groove GFS Browser Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
  -> {HKLM...CLSID} = "Groove Folder Synchronization"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
  -> {HKLM...CLSID} = "Groove XML Icon Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = "BtwCredentialProvider"
  -> {HKLM...CLSID} = "BtwCredentialProvider"
                   \InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
  -> {HKLM...CLSID} = "Local Groove Web Services Protocol"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
  -> {HKLM...CLSID} = "HxProtocol Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> skype-ie-addon-data\CLSID = "{91774881-D725-4E58-B298-07617B9B86A8}"
  -> {HKLM...CLSID} = "Skype IE add-on Pluggable Protocol"
                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]
<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
  -> {HKLM...CLSID} = "IEProtocolHandler Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]
BackupContextMenuExtension\(Default) = "{b1b96b20-da1d-4a3c-92c1-7229b32f2325}"
  -> {HKLM...CLSID} = "XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension"
                   \InProcServer32\(Default) = "mscoree.dll" [MS]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
BackupContextMenuExtension\(Default) = "{b1b96b20-da1d-4a3c-92c1-7229b32f2325}"
  -> {HKLM...CLSID} = "XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension"
                   \InProcServer32\(Default) = "mscoree.dll" [MS]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = "{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"
  -> {HKLM...CLSID} = "NVIDIA CPL Context Menu Extension"
                   \InProcServer32\(Default) = "C:\Windows\system32\nvshext.dll" ["NVIDIA Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 52%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 52\alcohol.exe" %1" ["Alcohol Soft Development Team"]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

WARNING! Q: is an unreadable partition!

Startup items in "Kuba" & "All Users" startup folders:
------------------------------------------------------

C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

Non-disabled Scheduled Tasks:
-----------------------------

C:\Users\Kuba\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks
"{90308BFB-AFDE-49F0-93FB-59E814FC9F32}" ->  launches: "C:\Windows\system32\pcalua.exe -a C:\Users\Kuba\Desktop\Lotus_notes851_Win_DE_CZ8ZKDE.exe -d C:\Users\Kuba\Desktop" [MS]
"{B5FF02A4-DE5E-4CF4-83EF-D004FC666F90}" ->  launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."]
"{BCADD28E-8C9B-4BC2-A7F4-C8CE81DB6BCD}" ->  launches: "C:\Program Files\Abe's Oddysee\AbeWin.exe" ["Oddworld Inhabitants, Inc."]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" ->  launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Games
"UpdateCheck_S-1-5-21-2553460519-3020706055-4050734797-1000" -> (HIDDEN!) launches: "{CA22F5B1-E06F-4A2B-94FC-21E87FE53781}"
  -> {HKLM...CLSID} = "GameUpdateTask Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Office Genuine Advantage
"OGALogon" -> (HIDDEN!) launches: "C:\Windows\system32\OGAExec.exe /batch" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" ->  launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
  -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" ->  launches: "aitagent" [MS]
"ProgramDataUpdater" ->  launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" ->  launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" ->  launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" ->  launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
  -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
                   \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" ->  launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
  -> {HKLM...CLSID} = "KernelCeipCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"Uploader" ->  launches: "%windir%\system32\WSqmCons.exe -u" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
  -> {HKLM...CLSID} = "UsbCeip"
                   \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" ->  launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
  -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" ->  launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" ->  launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
  -> {HKLM...CLSID} = "WinSAT Task Manger Task"
                   \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" ->  launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"MediaCenterRecoveryTask" ->  launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" ->  launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" ->  launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" ->  launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" ->  launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" ->  launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" ->  launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
  -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
  -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" ->  launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
  -> {HKLM...CLSID} = "HotStart User Agent"
                   \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" ->  launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" ->  launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
  -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
                   \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" ->  launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
"BackgroundConfigSurveyor" -> (HIDDEN!) launches: "{EA9155A3-8A39-40b4-8963-D3C761B18371}"
  -> {HKLM...CLSID} = "PerfTrack TaskHandler class"
                   \InProcServer32\(Default) = "C:\Windows\System32\perftrack.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" ->  launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
  -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
                   \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" ->  launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
  -> {HKLM...CLSID} = "RasMobilityManager"
                   \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) 
launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"  -> {HKLM...CLSID} = "RegistryIdleBackupHandler"                   \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\SideShow"GadgetManager" ->  launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"  -> {HKLM...CLSID} = "GadgetsManager Class"                   \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore"SR" ->  launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"  -> {HKLM...CLSID} = "RunTask"                   \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip"IpAddressConflict1" ->  launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]"IpAddressConflict2" ->  launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"  -> {HKLM...CLSID} = "MsCtfMonitor task handler"                   \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization"SynchronizeTime" ->  launches: "%windir%\system32\sc.exe start w32time task_started" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\UPnP"UPnPHostConfig" ->  launches: "sc.exe config upnphost start= auto" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\WDI"ResolutionHost" -> (HIDDEN!) 
launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"  -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"                   \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [null data]"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting"QueueReporting" ->  launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing"UpdateLibrary" ->  launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup"ConfigNotification" ->  launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]C:\Windows\System32\Tasks\Microsoft\Windows Defender"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]C:\Windows\System32\Tasks\WPD"SqmUpload_S-1-5-21-2553460519-3020706055-4050734797-1000" -> (HIDDEN!) 
launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 59Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}\"ButtonText" = "Wyślij do programu OneNote""MenuText" = "Wyślij &do programu OneNote""CLSIDExtension" = 
"{48E73304-E1D6-4330-914C-F5F514E3486C}"  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll" [MS]{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\"ButtonText" = "Skype add-on for Internet Explorer""MenuText" = "Skype add-on for Internet Explorer""CLSIDExtension" = "{898EA8C8-E7FF-479B-8935-AEC46303B9E5}"  -> {HKLM...CLSID} = "Skype add-on for Internet Explorer (toolbar button)"                   \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]Application Virtualization Client, sftlist, ""C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe"" [MS]Application Virtualization Service Agent, sftvsa, ""C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe"" [MS]Asus Launcher Service, AsusService, "C:\Windows\System32\AsusService.exe" [null data]avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]avast! Web Scanner, avast! 
Web Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"]Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" ["Broadcom Corporation."]Client Virtualization Handler, cvhsvc, ""C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"" [MS]Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, ""C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe" -s DefaultInstance" ["Firebird Project"]Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, ""C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe" -s DefaultInstance" ["Firebird Project"]NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" ["NVIDIA Corporation"]ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia"]StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe" ["StarWind Software"]Usługa Bonjour, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]Usługa iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor4\Driver = "CNBLM4.DLL" ["CANON INC."]Epson Inbox Language Monitor01\Driver = "EP0SLM01.DLL" ["SEIKO EPSON CORPORATION"]Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]---------- (launch time: 2010-10-24 19:45:44)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ The search for DESKTOP.INI DLL launch points on all local fixed drives  took 316 seconds.---------- (total run time: 499 seconds)


This post was edited by Katarina: 25 10 2010 - 16:52

  • 0

#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 24 10 2010 - 21:05

Run OTL and paste this into the Custom scan options/Script (Własne opcje skanowania/Script) box:

:OTL
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Kuba\AppData\Local\Temp\Ds0.exe (Trend Micro Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010-10-23 19:20:14 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-10-23 19:20:09 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

:Services
sshnas

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[Reboot]

Click Wykonaj Script (Run Script). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Skanuj (Scan).
Post the new OTL.txt log and the removal report.

==============================

  • 0
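The fix script in post #2 lists its targets without saying what marks them out. The Python sketch below is an added illustration, not part of the thread and not OTL's own logic: it runs a few triage heuristics over those same lines plus two constructed benign lines in the same format. The rule names, the 60-second window and the heuristics themselves are assumptions of this example.

```python
import re
from datetime import datetime
from typing import List, NamedTuple

# Lines 1-6 are the entries from the fix script in post #2; lines 7-8 are
# constructed benign entries in the same OTL format, added for contrast.
SAMPLE_LOG = r"""
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Kuba\AppData\Local\Temp\Ds0.exe (Trend Micro Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010-10-23 19:20:14 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010-10-23 19:20:09 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
[2010-10-24 18:19:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exe
"""


class Finding(NamedTuple):
    line_no: int  # 0 when the finding is derived from several lines
    rule: str
    detail: str


RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
NETSVCS_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [CM]\] \((?P<vendor>[^()]*)\) -- (?P<path>.+)$")
# "<path> (<vendor>)": the vendor text is parsed but never used as proof of origin.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<vendor>[^()]*)\)$")
TEMP_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.I)
GUID_JOB_RE = re.compile(
    r"\\tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I)


def triage(log_text: str) -> List[Finding]:
    """Flag OTL log lines that match the example heuristics (assumptions)."""
    findings: List[Finding] = []
    hidden_jobs = []  # (created, size, line_no), used for the burst check
    for no, line in enumerate(log_text.strip().splitlines(), start=1):
        line = line.strip()

        # Service DLL in the NetSvcs group with an empty vendor field.
        m = NETSVCS_RE.match(line)
        if m:
            t = TARGET_RE.match(m["rest"])
            if t and not t["vendor"].strip():
                findings.append(Finding(no, "netsvcs-no-vendor", t["path"]))
            continue

        # Autorun value whose target lives in a temporary directory.
        m = RUN_RE.match(line)
        if m and "File not found" not in m["rest"]:
            t = TARGET_RE.match(m["rest"])
            path = t["path"] if t else m["rest"]
            if TEMP_RE.search(path):
                findings.append(Finding(no, "autorun-from-temp", path))
            continue

        # Launch point that references a file or CLSID that no longer exists.
        if re.match(r"^O\d+ - ", line) and "File not found" in line:
            findings.append(Finding(no, "orphan-reference", line))
            continue

        # Hidden, GUID-named scheduled task file with an empty vendor field.
        m = FILE_RE.match(line)
        if (m and GUID_JOB_RE.search(m["path"]) and "H" in m["attrs"]
                and not m["vendor"].strip()):
            findings.append(Finding(no, "hidden-guid-job", m["path"]))
            created = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            hidden_jobs.append((created, m["size"], no))

    # Same-sized hidden jobs created within 60 s of each other suggest that
    # one installer dropped them together.
    hidden_jobs.sort()
    for (t1, s1, n1), (t2, s2, n2) in zip(hidden_jobs, hidden_jobs[1:]):
        if s1 == s2 and (t2 - t1).total_seconds() <= 60:
            detail = f"lines {min(n1, n2)} and {max(n1, n2)}"
            findings.append(Finding(0, "job-burst", detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_no:>2}  {f.rule:<20} {f.detail}")
```

A hit from these rules is a reason to look closer, not a verdict; the two constructed benign lines show that an ordinary autorun and an ordinary file entry pass through unflagged.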

#3 JamesBond

JamesBond

    New

  • 2 posts

Posted 24 10 2010 - 23:52

After the restart an additional user appeared ("Other user"), but I logged into my own account (the user selection has since disappeared). Unfortunately, no report appeared...

I am posting the report from the new scan:

OTL logfile created on: 2010-10-24 23:42:57 - Run 2OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Kuba\Desktop\Log An unknown product  (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 8.0.7600.16385)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free3,00 Gb Paging File | 2,00 Gb Available in Paging File | 70,00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 287,37 Gb Total Space | 238,11 Gb Free Space | 82,86% Space Free | Partition Type: NTFSDrive D: | 10,71 Gb Total Space | 9,90 Gb Free Space | 92,47% Space Free | Partition Type: FAT32Drive E: | 225,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFSDrive F: | 2,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBUSPUCHATEK | User Name: Kuba | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exePRC - [2010-10-11 11:57:54 | 007,124,472 | ---- | M] () -- C:\Program Files\EssentialPIM\EssentialPIM.exePRC - [2010-10-08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exePRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exePRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exePRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exePRC - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exePRC - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exePRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exePRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exePRC - [2009-11-26 15:52:04 | 001,732,608 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exePRC - [2009-11-23 15:00:48 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exePRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2009-10-26 14:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exePRC - [2009-10-16 21:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exePRC - [2009-09-11 11:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exePRC - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exePRC - [2009-08-02 16:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2009-08-02 16:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exePRC - [2009-07-20 17:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exePRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2009-07-14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exePRC - [2008-06-13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exePRC - [2008-06-13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe  ========== Modules (SafeList) ========== MOD - [2010-10-24 18:19:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\Log\OTL.exeMOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dllMOD - [2009-07-14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dllMOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dllMOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dllMOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dllMOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dllMOD - [2009-07-14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dllMOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dllMOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dllMOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\cryptbase.dllMOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll  ========== Win32 Services (SafeList) ========== SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)SRV - [2010-05-22 15:17:41 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)SRV - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)SRV - [2009-08-02 16:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV - [2009-07-14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)SRV - [2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)SRV - [2009-07-14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)SRV - [2009-07-14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll 
-- (PNRPAutoReg)SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2009-07-14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)SRV - [2009-07-14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)SRV - [2009-07-14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)SRV - [2009-07-14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)SRV - [2008-06-13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)SRV - [2008-06-13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)  ========== Driver Services (SafeList) ========== DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2010-09-07 16:52:03 | 000,165,584 
| ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)DRV - [2010-09-07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2010-05-22 11:03:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)DRV - [2010-01-29 02:46:18 | 000,997,408 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)DRV - [2010-01-21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)DRV - [2009-12-30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)DRV - [2009-12-30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)DRV - [2009-12-30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)DRV - [2009-12-11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)DRV - [2009-11-25 10:42:38 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)DRV - [2009-11-25 10:41:20 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)DRV - [2009-11-25 10:41:20 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)DRV - [2009-11-25 10:41:18 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)DRV - [2009-11-25 10:40:50 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)DRV - [2009-11-23 14:59:56 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2009-08-12 14:19:18 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)DRV - [2009-08-07 16:16:00 | 009,824,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)DRV - [2009-07-27 23:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 

This post was edited by Katarina: 25 10 2010 - 16:53

  • 0

#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 25 10 2010 - 03:36

In the new log I no longer see anything harmful.

In OTL, click the "Sprzątanie" (CleanUp) button - this will remove it together with its Quarantine.

  • 0



