Searchengines.pl: Computer keeps restarting


#1 sniady22

Posted 21 04 2009 - 07:58

Please check the log. The problem was that the computer kept resetting in various situations. I scanned with ComboFix, but on the reboot (forced by ComboFix) the computer restarted again. The log below is from after the computer was started again. I don't know whether there is also a problem with MKS VIR, because when launching ComboFix it detected a virus there, although on another computer with MKS Vir there was no such problem.
PS. I noticed that despite deleting it, the folder c:\windows\system32\Plugins keeps being recreated with two subfolders (hoster and youcrypt), but those subfolders are empty.
Once again, please check the log - thanks in advance :)

ComboFix 09-04-21.A0 - Ewa 2009-04-21 8:44.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.767.399 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ewa\Pulpit\ComboFix.exe
AV: mks_vir 2k7 *On-access scanning disabled* (Updated)
FW: Firewall mks_vir 2k7 *disabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Plugins
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\Ewa\Dane aplikacji\inst.exe
c:\documents and settings\Ewa\Dane aplikacji\Microsoft\SystemCertificates\Request
c:\windows\IE4 Error Log.txt
c:\windows\system32\adfcaacddc_z.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddlwarez.dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\gwarez.dll
c:\windows\system32\Plugins\YouCrypt\linkbank.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\rsprotect.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-20 05:33 . 2009-04-20 05:33 23 ----a-w c:\windows\system32\ceeefddd5_z.ocx
2009-04-17 08:09 . 2009-04-17 08:09 -------- d-sh--w C:\FOUND.021
2009-04-16 05:43 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 05:43 . 2009-03-06 14:22 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 05:43 . 2009-02-09 11:25 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 05:43 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 05:43 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 05:43 . 2009-02-09 10:53 686592 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 05:43 . 2009-02-09 10:53 731136 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 05:43 . 2009-02-09 10:53 722944 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 05:43 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 05:42 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 05:42 . 2008-04-21 21:16 218112 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 08:05 . 2009-04-15 07:01 26 ----a-w c:\windows\Zone.Identifier
2009-04-14 05:57 . 2009-04-14 05:57 -------- d-sh--w C:\FOUND.020
2009-04-09 06:21 . 2009-04-09 06:21 -------- d-sh--w C:\FOUND.019
2009-04-09 06:05 . 2009-04-09 06:05 -------- d-----w C:\Hewlett-Packard
2009-04-07 11:49 . 2009-04-07 11:49 -------- d-sh--w C:\FOUND.018
2009-04-07 09:20 . 2009-04-07 09:20 -------- d-sh--w C:\FOUND.017
2009-04-06 10:04 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-06 05:33 . 2009-04-06 05:33 -------- d-sh--w C:\FOUND.016
2009-04-03 13:25 . 2009-04-03 13:25 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-02 11:08 . 2009-04-02 11:08 -------- d-sh--w C:\FOUND.015
2009-04-01 11:52 . 2009-04-01 11:52 -------- d-sh--w c:\documents and settings\Ewa\IECompatCache
2009-03-30 13:21 . 2009-03-30 13:21 -------- d-sh--w c:\documents and settings\Ewa\PrivacIE
2009-03-30 13:14 . 2009-03-30 13:14 -------- d-sh--w c:\documents and settings\Ewa\IETldCache
2009-03-30 13:12 . 2009-03-30 13:12 -------- d--h--w c:\windows\msdownld.tmp
2009-03-30 13:11 . 2009-03-30 13:11 -------- d-----w c:\windows\ie8updates
2009-03-30 13:07 . 2009-03-30 13:07 -------- d--h--w c:\windows\ie8
2009-03-30 13:04 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-30 13:03 . 2009-03-30 13:03 17223168 ----a-w C:\windows_xp_pl.exe
2009-03-30 12:38 . 2009-03-30 12:38 -------- d-sh--w C:\FOUND.014
2009-03-30 11:54 . 2009-03-30 11:54 -------- d-----w C:\!KillBox
2009-03-30 11:06 . 2009-03-30 11:06 -------- d-sh--w C:\FOUND.013
2009-03-30 06:18 . 2009-03-30 06:18 -------- d-sh--w C:\FOUND.012
2009-03-30 05:43 . 2009-03-30 05:43 -------- d-sh--w C:\FOUND.011
2009-03-27 13:40 . 2009-03-27 13:40 -------- d-sh--w C:\FOUND.010
2009-03-27 13:34 . 2009-03-27 13:34 -------- d-sh--w C:\FOUND.009
2009-03-25 08:05 . 2009-03-25 08:05 -------- d-sh--w C:\FOUND.008

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 06:36 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP03ce.tmp
2009-04-20 07:44 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP065f.tmp
2009-04-20 05:37 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1072.tmp
2009-04-20 05:24 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPea99.tmp
2009-04-17 05:51 . 2006-03-02 10:00 81364 ----a-w c:\windows\system32\perfc015.dat
2009-04-17 05:51 . 2006-03-02 10:00 463404 ----a-w c:\windows\system32\perfh015.dat
2009-04-17 05:46 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPec01.tmp
2009-04-17 05:39 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP06eb.tmp
2009-04-16 10:33 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0f77.tmp
2009-04-15 09:49 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP10ee.tmp
2009-04-15 05:36 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP10a0.tmp
2009-04-14 10:43 . 2007-02-12 14:25 13030 ----a-w C:\PDOXUSRS.NET
2009-04-14 05:43 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP114c.tmp
2009-04-09 07:40 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPda6d.tmp
2009-04-09 06:52 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPff89.tmp
2009-04-09 06:21 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0238.tmp
2009-04-09 06:17 . 2008-04-17 06:23 47360 ----a-w c:\documents and settings\Ewa\Dane aplikacji\pcouffin.sys
2009-04-09 06:11 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP093d.tmp
2009-04-08 12:14 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd9ff.tmp
2009-04-08 11:46 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd9b1.tmp
2009-04-08 11:33 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0219.tmp
2009-04-08 11:07 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP06fb.tmp
2009-04-08 08:21 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP2d97.tmp
2009-04-07 11:22 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPdc41.tmp
2009-04-07 10:59 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPdb28.tmp
2009-04-07 09:35 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPdb76.tmp
2009-04-07 09:31 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd7cd.tmp
2009-04-07 06:04 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0b12.tmp
2009-04-07 05:40 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1071.tmp
2009-04-06 05:28 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP14d6.tmp
2009-04-03 05:53 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP18dd.tmp
2009-04-02 11:08 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP63ca.tmp
2009-04-02 11:04 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP09d9.tmp
2009-04-02 05:51 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0ab4.tmp
2009-04-01 14:02 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0630.tmp
2009-04-01 08:19 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPfc4d.tmp
2009-04-01 05:38 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPfa1a.tmp
2009-03-31 05:50 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd2eb.tmp
2009-03-31 05:45 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd358.tmp
2009-03-30 13:14 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd1d2.tmp
2009-03-30 12:44 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPcf9f.tmp
2009-03-30 12:38 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd58b.tmp
2009-03-30 12:17 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd414.tmp
2009-03-30 11:20 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd3c6.tmp
2009-03-30 11:13 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd368.tmp
2009-03-30 11:06 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd27d.tmp
2009-03-30 11:00 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPd3d5.tmp
2009-03-30 09:53 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP4239.tmp
2009-03-30 09:37 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe01a.tmp
2009-03-30 09:32 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP3a98.tmp
2009-03-30 09:18 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPec3f.tmp
2009-03-30 09:07 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP141a.tmp
2009-03-30 07:22 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP140b.tmp
2009-03-30 06:20 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1311.tmp
2009-03-30 06:06 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPedb6.tmp
2009-03-30 05:43 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe3c3.tmp
2009-03-27 13:58 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP51e8.tmp
2009-03-27 13:40 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe337.tmp
2009-03-27 13:35 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe402.tmp
2009-03-27 13:30 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe52b.tmp
2009-03-27 13:02 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0b41.tmp
2009-03-27 05:35 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP19b8.tmp
2009-03-25 08:00 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1b7d.tmp
2009-03-24 05:52 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1f07.tmp
2009-03-21 14:09 . 2009-03-21 14:08 1018368 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-17 07:30 . 2009-03-17 07:30 -------- d-----w c:\program files\Common Files\IPSPI
2009-03-16 05:29 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP1dde.tmp
2009-03-13 06:27 . 2009-03-13 06:27 -------- d-----w c:\program files\Xvid
2009-03-11 05:56 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe308.tmp
2009-03-11 05:48 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPe191.tmp
2009-03-11 05:43 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP0d83.tmp
2009-03-10 20:18 . 2007-03-15 16:17 970632 ------w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2007-03-15 16:16 265608 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 05:39 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMPf9cc.tmp
2009-03-09 05:34 . 2007-02-12 10:46 98304 ----a-w c:\windows\DUMP19e7.tmp
2009-03-09 03:19 . 2008-12-01 05:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 12:09 . 2009-03-08 12:09 638816 ------w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 . 2009-03-08 12:09 391536 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 . 2008-04-21 06:44 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:34 . 2008-04-21 06:44 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 . 2006-03-02 10:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-06-26 08:14 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:34 . 2009-03-08 02:34 236544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 . 2009-03-08 02:34 43008 ------w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 . 2006-03-02 10:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 . 2009-03-08 02:34 105984 ------w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 . 2009-03-08 02:34 193536 ------w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 . 2009-03-08 02:34 109568 ------w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:33 . 2009-03-08 02:33 759296 ------w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 . 2009-03-08 02:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 . 2006-03-02 10:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2009-03-08 02:33 25600 ------w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 . 2008-05-09 10:56 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 . 2009-03-08 02:33 229376 ------w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 . 2008-05-09 10:56 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 . 2006-03-02 10:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 . 2009-03-08 02:33 125952 ------w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 . 2009-03-08 02:32 72704 ------w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 . 2006-03-02 10:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2009-03-08 02:32 173056 ------w c:\windows\system32\dllcache\ie4uinit.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"mks_mail"="c:\program files\mks_vir_2007\bin\mks_mail.exe" [2007-03-14 520192]
"mkstray"="c:\program files\mks_vir_2007\bin\mkstray.exe" [2007-07-05 663552]
"MKSRegmon"="c:\program files\mks_vir_2007\bin\mksregmon.exe" [2007-03-23 303104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ewa\Menu Start\Programy\Autostart\
winsys.exe.lnk - c:\windows\system32\winsys.exe [2008-10-16 1960448]
winword.exe.lnk - c:\windows\system32\winword.exe [2008-10-16 1960448]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\DOS-PR08\\DOSprinter\\DOSprint.exe"=

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2006-03-24 33536]
R3 mksidsf;mksidsf;c:\windows\system32\mksidsf.sys [2007-03-29 11776]
R3 MksMonEn;MksMonEn;c:\program files\mks_vir_2007\bin\MksMonEn.sys [2007-08-13 385024]
R3 MksMonEv;MksMonEv;c:\program files\mks_vir_2007\bin\MksMonEv.sys [2007-03-23 89600]
R4 MksFwall;MksFwall;c:\program files\mks_vir_2007\bin\MksFwall.exe [2007-04-10 270336]
R4 NWCWorkstation1;Usługa klienta dla systemu NetWare;c:\windows\system32\svchost.exe [2008-04-14 14336]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 MksPC;MksPC;c:\program files\mks_vir_2007\bin\MksPC.exe [2007-03-06 253952]
S2 MksUpdate;MksUpdate;c:\program files\mks_vir_2007\bin\mksupdate.exe [2007-03-26 570880]
S3 MksMonFd;MksMonFd;c:\program files\mks_vir_2007\bin\MksMonFd.sys [2007-02-07 26624]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
TCP: {7C132743-38D9-48B6-9906-3CD27D1A49C4} = 194.204.159.1,194.204.152.34
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 08:47
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jadlmkejdgdfnkhmodgl"=hex:69,61,66,67,66,6c,6a,68,6a,6e,68,61,62,68,6e,64,6b,
6f,00,00
"oajlglamoimhnnpdgcbppfagfjopao"=hex:6a,61,66,67,6e,6b,6a,6a,61,6c,67,6e,6f,69,
61,61,68,69,62,6b,00,00
"nalceloagoanleiikimnpeoonbjm"=hex:6a,61,66,67,6e,6b,6a,6a,61,6c,67,6e,6f,69,
61,61,68,69,62,6b,00,00
"abfmodlgeiepnmcikcicadhhlplmfhhodf"=hex:65,62,6d,63,62,6b,6c,62,63,66,6d,65,
6e,6f,6c,64,68,64,6c,66,62,62,63,6b,64,68,6c,6d,65,64,6c,66,62,65,6d,6a,67,\
"pafmodlgeiepnmcikcicadhhlpimmhnk"=hex:64,62,64,67,61,65,6f,65,6f,6c,65,65,6f,
70,6f,66,66,67,6b,66,70,6a,62,68,62,66,66,62,6a,6b,6b,6f,6f,6e,69,6b,6c,6e,\
"bbkmlggaidhlkenhinldnedfpfeeahkgphjp"=hex:64,62,64,67,61,65,6f,65,6f,6c,65,65,
6f,70,6f,66,66,67,6b,66,70,6a,62,68,62,66,66,62,6a,6b,6b,6f,6f,6e,69,6b,6c,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(612)
c:\program files\mks_vir_2007\bin\mkslsp.dll

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-04-21 8:48
ComboFix-quarantined-files.txt 2009-04-21 06:48

Przed: 3 529 555 968 bajtów wolnych
Po: 3 515 727 872 bajtów wolnych

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
325 --- E O F --- 2009-04-16 14:04

#2 picasso

Posted 21 04 2009 - 08:38

1. The section RULES, i.e. about logs and about not using ComboFix just like that / without need. And while we are at it, I have a question: do you know how to enter the Console and restore the registry:

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!


2. Carry out step 5 of the instructions: CLICK. That is, the error code + debug of the DMP.

Quote

PS. I noticed that despite deleting it, the folder c:\windows\system32\Plugins keeps being recreated with two subfolders (hoster and youcrypt), but those subfolders are empty.


I have doubts about what these phenomena are. This smells to me like some kind of Rapidshare downloaders:
  • Suspicious entries. Was the program Load (for Rapidshare, in fact) installed on this computer?

    c:\documents and settings\Ewa\Menu Start\Programy\Autostart\
    winsys.exe.lnk - c:\windows\system32\winsys.exe [2008-10-16 1960448]
    winword.exe.lnk - c:\windows\system32\winword.exe [2008-10-16 1960448]


  • Regarding this unknown directory c:\windows\system32\Plugins. On torrents I see a somewhat similar set, Rapidshare Downloader or Unlimited Rapidshare downloads AOI Compilation. Did you download something like that? Go into C:\Qoobox\Quarantine, zip those files, and send me the link by PM.



#3 sniady22

Posted 21 04 2009 - 09:25

So, here is the log from Debugging Tools:


Microsoft ® Windows Debugger Version 6.11.0001.404 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055b1c0
Debug session time: Tue Apr 21 10:05:59.937 2009 (GMT+2)
System Uptime: 0 days 0:22:25.538
Loading Kernel Symbols
...............................................................
................................................................
...
Loading User Symbols

Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7E, {c0000005, f21db0e2, f7b2daec, f7b2d7e8}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Module load completed but symbols could not be loaded for o139Lf5N.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : o139Lf5N.sys ( o139Lf5N+190e2 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f21db0e2, The address that the exception occurred at
Arg3: f7b2daec, Exception Record Address
Arg4: f7b2d7e8, Context Record Address

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 49c8f464

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod "0x%08lx" odwo

FAULTING_IP:
o139Lf5N+190e2
f21db0e2 8b3f mov edi,dword ptr [edi]

EXCEPTION_RECORD: f7b2daec -- (.exr 0xfffffffff7b2daec)
ExceptionAddress: f21db0e2 (o139Lf5N+0x000190e2)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000003c
Attempt to read from address 0000003c

CONTEXT: f7b2d7e8 -- (.cxr 0xfffffffff7b2d7e8)
eax=00000000 ebx=1c564559 ecx=00000000 edx=00000000 esi=206b6444 edi=0000003c
eip=f21db0e2 esp=f7b2dbb4 ebp=f7b2dbe0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
o139Lf5N+0x190e2:
f21db0e2 8b3f mov edi,dword ptr [edi] ds:0023:0000003c=????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from f21d8b9f to f21db0e2

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7b2dbe0 f21d8b9f 00000000 00000000 00000000 o139Lf5N+0x190e2
f7b2dc4c f21e4723 837b2be0 e1954652 00000000 o139Lf5N+0x16b9f
f7b2dc7c 805a39ad 837b2be0 83829000 00000000 o139Lf5N+0x22723
f7b2dd4c 805a3c83 800006f0 00000001 00000000 nt!RtlSubAuthoritySid+0x1189
f7b2dd74 804e426b 800006f0 00000000 83bc6640 nt!RtlSubAuthoritySid+0x145f
f7b2ddac 8057aeff f2571cf4 00000000 00000000 nt!ExQueueWorkItem+0x104
f7b2dddc 804f88ea 804e4196 00000001 00000000 nt!PsCreateSystemThread+0x70
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimer+0x107


FOLLOWUP_IP:
o139Lf5N+190e2
f21db0e2 8b3f mov edi,dword ptr [edi]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: o139Lf5N+190e2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: o139Lf5N

IMAGE_NAME: o139Lf5N.sys

STACK_COMMAND: .cxr 0xfffffffff7b2d7e8 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------




As for the error code, it is:
STOP: 0x0000007E (0xC0000005, 0xF21DB0E2, 0xF7B2DAEC, 0xF7B2D7E8)
o139Lf5N.sys - Address F21DB0E2 base at F21c2000, DateStamp 49c8f464

As for whether the Load program was installed, unfortunately I have no idea, because this is not my computer...


#4 picasso

Posted 21 04 2009 - 09:28

I don't know what the file o139Lf5N.sys is. Produce the two logs required by the announcement: Gmer + OTListIt2.


#5 sniady22

Posted 21 04 2009 - 10:16

Log from OTLIST2:
OTListIt Extras logfile created on: 2009-04-21 10:55:14 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Ewa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

766,73 Mb Total Physical Memory | 512,70 Mb Available Physical Memory | 66,87% Memory free
1,08 Gb Paging File | 0,87 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,82 Gb Total Space | 2,88 Gb Free Space | 17,14% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 39,06 Gb Total Space | 35,23 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive Y: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive Z: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS

Computer Name: KSIEGOWOSC
Current User Name: Ewa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-09-26 13:35:38 | 01,848,616 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
[2008-04-20 13:14:38 | 01,262,592 | ---- | M] (Nix-Ware.com Paweł Barut) -- C:\DOS-PR08\DOSprinter\DOSprint.exe:*:Enabled:DOS printer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 7.03.001
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{29CBFC23-05A7-4286-93B8-BABE29BC1045}" = Nero 7 Essentials
"{2DB2E8BB-C478-4882-B53D-1E34C70952F7}" = d2System ver_ I_3_3_11b
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB6EE7-DF64-4F26-9273-9525FC11A417}" = Instalacja programu mks_vir 2k7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{ABDF78D0-6F94-440B-917F-22803D165F14}" = Platinum Guard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B96A7F3B-AF29-489A-AE84-1DDF5942971C}" = proCertum CardManager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"7-Zip" = 7-Zip 4.43 beta
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"e-PFRON OffLine" = e-PFRON OffLine 1.3.5
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Niezbędnik CD_is1" = Niezbędnik CD
"NixWareDOSprinter" = Nix-Ware.com DOS printer emulator (tylko usuwanie)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PABS 4.1_is1" = PABS 4.1
"PITy 2007_is1" = PITy 2007 dla Windows kompilacja:1.0.1.2
"PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.1
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 0.9.8a
"Webshots Desktop_is1" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-04-07 06:27:37 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd vlc.exe, wersja 0.9.8.1, moduł powodujący
błąd libvlccore.dll, wersja 0.9.8.1, adres błędu 0x0007d6a0.

Error - 2009-04-07 09:50:31 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca P2.exe, wersja 7.3.10.502, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-04-09 01:51:26 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msimn.exe, wersja 6.0.2900.5512, moduł powodujący
błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-04-14 06:01:44 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd repman.exe, wersja 3.3.22.4, moduł powodujący
błąd repman.exe, wersja 3.3.22.4, adres błędu 0x0013b3f5.

Error - 2009-04-14 06:15:08 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca vlc.exe, wersja 0.9.8.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-04-14 06:17:03 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca vlc.exe, wersja 0.9.8.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-04-20 02:45:24 | Computer Name = KSIEGOWOSC | Source = MsiInstaller | ID = 11704
Description = Produkt: Microsoft Office Professional Edition 2003 -- Błąd 1704.
Instalacja Noiseware Community Edition jest aktualnie wstrzymana. Musisz cofnąć
zmiany uczynione przez tę instalację, aby kontynuować. Czy chcesz cofnąć te zmiany?

Error - 2009-04-21 03:23:54 | Computer Name = KSIEGOWOSC | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2009-04-21 04:02:35 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd windbg.exe, wersja 6.11.1.404, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00520076.

Error - 2009-04-21 04:54:37 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2009-04-21 03:23:54 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Karta wydajności WMI z powodu następującego
błędu: %%1053

Error - 2009-04-21 04:47:10 | Computer Name = KSIEGOWOSC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi
mks_scan z argumentami „-Service” w celu uruchomienia serwera: {0B3B62DF-96A8-42BC-9C0C-A6CCE7E0BA03}

Error - 2009-04-21 04:47:11 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą MkS_Scan.

Error - 2009-04-21 04:47:11 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi MkS_Scan z powodu następującego błędu:
%%1053

Error - 2009-04-21 04:47:45 | Computer Name = KSIEGOWOSC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi
mks_scan z argumentami „-Service” w celu uruchomienia serwera: {0B3B62DF-96A8-42BC-9C0C-A6CCE7E0BA03}

Error - 2009-04-21 04:47:46 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą MkS_Scan.

Error - 2009-04-21 04:47:46 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi MkS_Scan z powodu następującego błędu:
%%1053

Error - 2009-04-21 04:48:24 | Computer Name = KSIEGOWOSC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi
mks_scan z argumentami „-Service” w celu uruchomienia serwera: {0B3B62DF-96A8-42BC-9C0C-A6CCE7E0BA03}

Error - 2009-04-21 04:48:24 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą MkS_Scan.

Error - 2009-04-21 04:48:24 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi MkS_Scan z powodu następującego błędu:
%%1053


< End of report >

OTListIt logfile created on: 2009-04-21 10:55:14 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Ewa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

766,73 Mb Total Physical Memory | 512,70 Mb Available Physical Memory | 66,87% Memory free
1,08 Gb Paging File | 0,87 Gb Available in Paging File | 80,77% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,82 Gb Total Space | 2,88 Gb Free Space | 17,14% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 39,06 Gb Total Space | 35,23 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive Y: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS
Drive Z: | 55,88 Gb Total Space | 52,42 Gb Free Space | 93,81% Space Free | Partition Type: NTFS

Computer Name: KSIEGOWOSC
Current User Name: Ewa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003-05-05 08:57:30 | 00,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2007-03-14 08:20:38 | 00,520,192 | ---- | M] (MkS Sp. z o.o.) -- C:\Program Files\mks_vir_2007\bin\mks_mail.exe
PRC - [2007-07-05 07:46:42 | 00,663,552 | ---- | M] (MKS Sp z o.o.) -- C:\Program Files\mks_vir_2007\bin\mkstray.exe
PRC - [2007-03-23 08:40:18 | 00,303,104 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksregmon.exe
PRC - [2003-10-31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006-06-15 08:43:20 | 00,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005-02-16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009-03-09 05:19:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-10-16 12:56:22 | 01,960,448 | ---- | M] () -- C:\WINDOWS\system32\winsys.exe
PRC - [2009-03-09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-04-19 13:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007-03-06 08:14:18 | 00,253,952 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksPC.exe
PRC - [2007-03-26 16:28:00 | 00,570,880 | ---- | M] (MKS Sp. z o. o.) -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe
PRC - [2008-03-17 14:30:36 | 00,389,120 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
PRC - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 19:21:44 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009-04-21 10:43:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-10-18 09:02:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-03-09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-04-19 13:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007-04-10 10:39:02 | 00,270,336 | ---- | M] (MKS Sp z o.o.) -- C:\Program Files\mks_vir_2007\bin\MksFwall.exe -- (MksFwall [Disabled | Stopped])
SRV - [2007-03-06 08:14:18 | 00,253,952 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksPC.exe -- (MksPC [Auto | Running])
SRV - [2007-03-26 16:28:00 | 00,570,880 | ---- | M] (MKS Sp. z o. o.) -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe -- (MksUpdate [Auto | Running])
SRV - [2008-03-17 14:30:36 | 00,389,120 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe -- (MksVirMonSvc [Auto | Running])
SRV - [2009-03-09 07:34:34 | 00,270,336 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mks_scan.exe -- (MkS_Scan [On_Demand | Stopped])
SRV - [2007-09-17 10:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008-04-14 19:20:42 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation1 [Disabled | Stopped])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006-03-24 19:14:00 | 00,033,536 | R--- | M] (Advanced Card Systems Ltd) -- C:\WINDOWS\system32\DRIVERS\a38usb.sys -- (ACSSCR [On_Demand | Stopped])
DRV - [2002-04-01 07:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001-08-17 21:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
DRV - [2001-08-17 21:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys -- (Fallback [Auto | Running])
DRV - [2001-08-17 21:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys -- (Fsks [Auto | Running])
DRV - [2006-06-12 11:36:30 | 00,009,344 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Running])
DRV - [2001-08-17 21:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
DRV - [2001-08-17 21:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys -- (K56 [Auto | Running])
DRV - [2007-03-29 08:22:04 | 00,011,776 | ---- | M] () -- C:\WINDOWS\system32\mksidsf.sys -- (mksidsf [On_Demand | Stopped])
DRV - [2007-08-13 07:44:16 | 00,385,024 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonEn.sys -- (MksMonEn [On_Demand | Stopped])
DRV - [2007-03-23 08:40:16 | 00,089,600 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonEv.sys -- (MksMonEv [On_Demand | Stopped])
DRV - [2007-02-07 14:35:36 | 00,026,624 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonFd.sys -- (MksMonFd [On_Demand | Running])
DRV - [2001-08-17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004-08-03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-06-19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008-04-17 08:23:48 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2006-03-02 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001-08-17 21:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-08-12 13:15:48 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001-08-17 21:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys -- (SoftFax [Auto | Running])
DRV - [2008-07-17 09:13:16 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001-08-17 21:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys -- (Tones [Auto | Running])
DRV - [2001-08-17 21:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_V124.sys -- (V124 [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\S-1-5-21-796845957-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\S-1-5-21-796845957-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://beta.onet.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-12-01 07:56:56 | 00,000,000 | ---D | M]

[2008-07-10 15:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Extensions
[2008-07-10 15:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007-04-27 09:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Firefox\Profiles\06rab3mv.default\extensions
[2007-09-05 09:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Firefox\Profiles\06rab3mv.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-796845957-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-796845957-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe (MkS Sp. z o.o.)
O4 - HKLM..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe ()
O4 - HKLM..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe (MKS Sp z o.o.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on (HP)
O4 - HKU\S-1-5-21-796845957-362288127-839522115-1003..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - Startup: C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winsys.exe.lnk = C:\WINDOWS\system32\winsys.exe ()
O4 - Startup: C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winword.exe.lnk = C:\WINDOWS\system32\winword.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7C132743-38D9-48B6-9906-3CD27D1A49C4}\\NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-12 13:38:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[108 C:\WINDOWS\*.tmp files]
[2009-04-21 10:43:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe
[2009-04-21 09:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2009-04-21 09:56:16 | 17,815,040 | ---- | C] () -- C:\Documents and Settings\Ewa\Pulpit\dbg_x86_6.11.1.404.msi
[2009-04-21 09:38:21 | 13,709,800 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Ewa\Pulpit\launch.exe
[2009-04-21 09:09:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Plugins
[2009-04-21 09:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-04-21 09:06:49 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009-04-21 09:06:49 | 00,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Registry Mechanic.lnk
[2009-04-21 09:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009-04-21 09:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ewa\Pulpit\Registry Mechanic 8
[2009-04-21 09:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ewa\Dane aplikacji\WinRAR
[2009-04-21 09:05:04 | 01,309,117 | ---- | C] () -- C:\Documents and Settings\Ewa\Pulpit\wrar380pl.exe
[2009-04-21 09:05:01 | 07,486,053 | ---- | C] () -- C:\Documents and Settings\Ewa\Pulpit\Registry_Mechanic_8.rar
[2009-04-21 08:30:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-21 08:30:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-21 08:30:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-21 08:30:53 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009-04-21 08:30:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-04-21 08:30:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-04-21 08:30:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-04-21 08:30:53 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-21 08:30:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-21 08:23:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-04-21 08:22:11 | 02,999,426 | R--- | C] () -- C:\Documents and Settings\Ewa\Pulpit\ComboFix.exe
[2009-04-20 07:33:00 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\ceeefddd5_z.ocx
[2009-04-17 11:01:02 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\rOZLICZENIE KÓŁ RR- zajęcia ruchowe.xls
[2009-04-17 10:09:44 | 00,000,000 | -HSD | C] -- C:\FOUND.021
[2009-04-16 07:43:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-16 07:43:25 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-16 07:43:25 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-16 07:43:25 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-16 07:43:24 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-16 07:43:23 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-16 07:43:22 | 00,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-16 07:43:22 | 00,722,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-16 07:43:22 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-16 07:42:05 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-16 07:42:05 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-14 10:05:28 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009-04-14 07:57:22 | 00,000,000 | -HSD | C] -- C:\FOUND.020
[2009-04-09 08:21:22 | 00,000,000 | -HSD | C] -- C:\FOUND.019
[2009-04-09 08:05:54 | 00,000,000 | ---D | C] -- C:\Hewlett-Packard
[2009-04-07 14:02:07 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktualizacja harmonogramów 85412-85415-80113.xls
[2009-04-07 14:01:30 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktualizacja harmonogramów-80146-85446.xls
[2009-04-07 13:59:12 | 00,243,200 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktulalizacje harmonogramów - WZÓR.xls
[2009-04-07 13:49:12 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2009-04-07 11:20:24 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2009-04-06 12:04:32 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-04-06 07:33:06 | 00,000,000 | -HSD | C] -- C:\FOUND.016
[2009-04-02 13:08:18 | 00,000,000 | -HSD | C] -- C:\FOUND.015
[2009-03-31 14:30:49 | 00,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2009-03-31 14:05:19 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\Ewa\Pulpit\HijackThis.lnk
[2009-03-30 15:12:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009-03-30 15:11:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009-03-30 15:07:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009-03-30 15:04:41 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009-03-30 15:03:05 | 17,223,168 | ---- | C] (Microsoft Corporation) -- C:\windows_xp_pl.exe
[2009-03-30 14:38:36 | 00,000,000 | -HSD | C] -- C:\FOUND.014
[2009-03-30 13:54:40 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009-03-30 13:06:40 | 00,000,000 | -HSD | C] -- C:\FOUND.013
[2009-03-30 08:18:10 | 00,000,000 | -HSD | C] -- C:\FOUND.012
[2009-03-30 07:43:54 | 00,000,000 | -HSD | C] -- C:\FOUND.011
[2009-03-27 15:40:02 | 00,000,000 | -HSD | C] -- C:\FOUND.010
[2009-03-27 15:34:46 | 00,000,000 | -HSD | C] -- C:\FOUND.009
[2009-03-26 14:14:23 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1 SSM.xls
[2009-03-26 13:35:20 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1 MDK.xls
[2009-03-26 13:09:15 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1.xls
[2009-03-25 10:05:26 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009-03-23 12:08:00 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\PROBIT.doc
[2009-03-23 08:53:10 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Zestawienie zmian.doc
[2009-02-10 12:03:25 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2008-12-17 23:30:06 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-17 23:30:06 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-28 13:54:30 | 00,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008-10-28 13:54:07 | 00,000,685 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008-10-16 11:07:36 | 00,001,627 | ---- | C] () -- C:\WINDOWS\System32\Load.ini
[2008-09-02 09:14:06 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2008-07-18 09:16:53 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-07-17 09:13:13 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-29 15:24:32 | 00,311,128 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008-06-29 15:24:32 | 00,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-06-29 15:24:31 | 01,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008-04-28 14:55:27 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2007-05-22 09:40:12 | 00,000,946 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-02-28 11:49:59 | 00,000,270 | ---- | C] () -- C:\WINDOWS\{6ECB6EE7-DF64-4F26-9273-9525FC11A417}_WiseFW.ini
[2007-02-13 09:13:49 | 00,000,334 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-02-12 15:06:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-02-12 14:38:25 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-12 14:16:37 | 00,015,995 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2007-02-12 14:07:05 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007-02-12 14:02:35 | 00,002,772 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-02-12 14:02:32 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-02-07 14:35:36 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\MksFwallt.sys
[2007-02-07 14:35:36 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\MksFwallf.sys
[2007-02-07 14:35:36 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\MksIdsf.sys
[2007-02-07 14:35:36 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\MksIdsa.sys
[2006-06-12 11:36:30 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006-03-02 12:00:00 | 00,000,639 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 12:00:00 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2006-02-09 14:47:06 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-01-16 17:32:19 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001-07-06 16:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997-06-18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997-04-01 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[108 C:\WINDOWS\*.tmp files]
[2009-04-21 10:43:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe
[2009-04-21 10:10:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-21 10:09:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-21 10:09:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-21 09:58:10 | 00,109,568 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009-04-21 09:56:18 | 17,815,040 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\dbg_x86_6.11.1.404.msi
[2009-04-21 09:44:22 | 18,843,6480 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009-04-21 09:38:22 | 13,709,800 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Ewa\Pulpit\launch.exe
[2009-04-21 09:20:16 | 00,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-04-21 09:19:16 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-04-21 09:06:50 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Registry Mechanic.lnk
[2009-04-21 08:13:56 | 02,999,426 | R--- | M] () -- C:\Documents and Settings\Ewa\Pulpit\ComboFix.exe
[2009-04-21 07:55:46 | 00,002,557 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Microsoft Office Excel 2003.lnk
[2009-04-21 07:38:14 | 00,002,177 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Platinum Guard.lnk
[2009-04-21 00:51:52 | 07,486,053 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Registry_Mechanic_8.rar
[2009-04-20 13:40:14 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Microsoft Office Word 2003.lnk
[2009-04-20 11:01:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-20 11:01:44 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-20 07:33:02 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\ceeefddd5_z.ocx
[2009-04-17 11:24:54 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\rOZLICZENIE KÓŁ RR- zajęcia ruchowe.xls
[2009-04-17 09:27:14 | 00,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-04-17 07:51:40 | 00,463,404 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-04-17 07:51:40 | 00,405,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-17 07:51:40 | 00,081,364 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-04-17 07:51:40 | 00,063,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-17 07:51:38 | 01,026,664 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-16 16:04:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-04-15 12:39:54 | 00,231,936 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\wykonane wydatki.xls
[2009-04-15 09:01:44 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009-04-14 12:43:24 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009-04-14 11:49:42 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\d2Navigator.lnk
[2009-04-14 10:25:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\PLAN FINANSOWY - Fund socj..doc
[2009-04-14 09:57:00 | 00,243,200 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktulalizacje harmonogramów - WZÓR.xls
[2009-04-09 14:33:58 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Fundusz socjalny-wykonanie.doc
[2009-04-09 08:50:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\dhsa.qfg
[2009-04-09 08:17:32 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Ewa\Dane aplikacji\pcouffin.sys
[2009-04-09 08:17:32 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Ewa\Dane aplikacji\pcouffin.cat
[2009-04-09 08:17:32 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Ewa\Dane aplikacji\pcouffin.inf
[2009-04-07 14:14:20 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktualizacja harmonogramów-80146-85446.xls
[2009-04-07 14:10:48 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktualizacja harmonogramów 85412-85415-80113.xls
[2009-04-06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-04-06 13:07:20 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1 MDK.xls
[2009-04-03 09:12:18 | 00,108,544 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\zus I PODATKI ROZLICZENIE.xls
[2009-03-31 14:05:20 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\HijackThis.lnk
[2009-03-30 15:14:36 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\desktop.ini
[2009-03-30 15:03:06 | 17,223,168 | ---- | M] (Microsoft Corporation) -- C:\windows_xp_pl.exe
[2009-03-27 08:58:36 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-03-26 14:22:28 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1 SSM.xls
[2009-03-26 13:09:16 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Wzór planów RDW na 2009.1.xls
[2009-03-23 14:42:30 | 00,000,946 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009-03-23 12:26:34 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-03-23 12:08:02 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\PROBIT.doc
[2009-03-23 08:56:08 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Zestawienie zmian.doc
< End of report >

Log from Gmer:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-21 11:15:31
Windows 5.1.2600 Dodatek Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spwb.sys ZwCreateKey [0xF75C50E0]
SSDT spwb.sys ZwEnumerateKey [0xF75E2CA2]
SSDT spwb.sys ZwEnumerateValueKey [0xF75E3030]
SSDT spwb.sys ZwOpenKey [0xF75C50C0]
SSDT spwb.sys ZwQueryKey [0xF75E3108]
SSDT spwb.sys ZwQueryValueKey [0xF75E2F88]
SSDT spwb.sys ZwSetValueKey [0xF75E319A]

INT 0x62 ? 83BDCBF8
INT 0x63 ? 836F4BF8
INT 0x73 ? 836F4BF8
INT 0x73 ? 836F4BF8
INT 0x82 ? 83BDCBF8
INT 0xA4 ? 836F4BF8
INT 0xB4 ? 836F4BF8

---- Kernel code sections - GMER 1.0.15 ----

? spwb.sys Nie można odnaleźć określonego pliku. !
.text USBPORT.SYS!DllUnload F713D8AC 5 Bytes JMP 836F41D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[172] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[420] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1096] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2116] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2184] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C09315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CDDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00CDDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00CE4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C41CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00DFE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00DFDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00DFDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00DFDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00DFDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00DFE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00DFDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3780] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00CE488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75F593C] spwb.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75F5990] spwb.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75C6040] spwb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75C613C] spwb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75C60BE] spwb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75C67FC] spwb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75C66D2] spwb.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 836F42D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75D5D92] spwb.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\internet explorer\iexplore.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[1096] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[2116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[2184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\internet explorer\iexplore.exe[3780] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [017B18FD] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83894500
Device \FileSystem\Fastfat \FatCdrom 83BDB1F8
Device \Driver\usbuhci \Device\USBPDO-0 836421F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 83B701F8
Device \Driver\dmio \Device\DmControl\DmConfig 83B701F8
Device \Driver\dmio \Device\DmControl\DmPnP 83B701F8
Device \Driver\dmio \Device\DmControl\DmInfo 83B701F8
Device \Driver\usbuhci \Device\USBPDO-1 836421F8
Device \Driver\usbuhci \Device\USBPDO-2 836421F8
Device \Driver\usbuhci \Device\USBPDO-3 836421F8
Device \Driver\usbehci \Device\USBPDO-4 8362B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 83BDD1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 83BDD1F8
Device \Driver\Cdrom \Device\CdRom0 836D9500
Device \Driver\Cdrom \Device\CdRom1 836D9500
Device \Driver\NetBT \Device\NetBt_Wins_Export 837E3500
Device \Driver\NetBT \Device\NetbiosSmb 837E3500
Device \Driver\usbuhci \Device\USBFDO-0 836421F8
Device \Driver\usbuhci \Device\USBFDO-1 836421F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 837D2500
Device \Driver\usbuhci \Device\USBFDO-2 836421F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C132743-38D9-48B6-9906-3CD27D1A49C4} 837E3500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 837D2500
Device \Driver\usbuhci \Device\USBFDO-3 836421F8
Device \Driver\usbehci \Device\USBFDO-4 8362B1F8
Device \Driver\Ftdisk \Device\FtControl 83BDD1F8
Device \FileSystem\Fastfat \Fat 83BDB1F8
Device \FileSystem\Cdfs \Cdfs 838CB500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x7C 0xCB 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x7C 0xCB 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x7C 0xCB 0x77 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore@Count 2397
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\iexplore@Count 2397
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 2396
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore@Count 2394
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore@Count 787
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore@LoadTimeCount 475
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@jadlmkejdgdfnkhmodgl 0x69 0x61 0x66 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@oajlglamoimhnnpdgcbppfagfjopao 0x6A 0x61 0x66 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@nalceloagoanleiikimnpeoonbjm 0x6A 0x61 0x66 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@abfmodlgeiepnmcikcicadhhlplmfhhodf 0x65 0x62 0x6D 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@pafmodlgeiepnmcikcicadhhlpimmhnk 0x64 0x62 0x64 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29024DC2-9758-A6A4-5F65-D052D00800AF}@bbkmlggaidhlkenhinldnedfpfeeahkgphjp 0x64 0x62 0x64 0x67 ...

---- EOF - GMER 1.0.15 ----

0

#6 User is not logged in   picasso 

  • Expert Rank
  • Group: Retired
  • Posts: 36724
  • Joined: 27-05 03
  • Gender: Female
  • Location: Was Kraków, now Holland

Posted 21 04 2009 - 10:41

Hmmm, there is nothing like that here. In that case, make two more logs:

1. List of all services: Gmer >>> select only Services for the scan + tick Show all.

2. Check for a rootkit in the MBR: log from MBR.EXE

0

#7 User is not logged in   sniady22 

  • First Rank
  • Group: Users
  • Posts: 22
  • Joined: 12-11 06

Posted 21 04 2009 - 10:50

So the MBR is probably OK, because the log says:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.1 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

And this is the services log:
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-21 11:46:35
Windows 5.1.2600 Dodatek Service Pack 3


---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI
Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\DRIVERS\a38usb.sys (PCSC/CCID IFD Handler/Advanced Card Systems Ltd) [MANUAL] ACSSCR
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Audio Stub Driver/Andrea Electronics Corporation) [MANUAL] aeaudio
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\WINDOWS\system32\DRIVERS\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [BOOT] agp440
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys (NTRksample driver/Conexant) [MANUAL] basic2
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service C:\WINDOWS\system32\DRIVERS\Dot4.sys (One Cool Transport/Microsoft Corporation) [MANUAL] Dot4
Service C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys (Dot4 Printer Driver/Microsoft Corporation) [MANUAL] Dot4Print
Service C:\WINDOWS\system32\DRIVERS\dot4usb.sys (Sterownik filtru DOT4USB/Microsoft Corporation) [MANUAL] dot4usb
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys (Fallback driver/Conexant) [AUTO] Fallback
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys (FSKsNT driver/Conexant) [AUTO] Fsks
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\WINDOWS\system32\drivers\hpfxbulk.sys (hpfxbulk.sys/Hewlett Packard) [MANUAL] HPFXBULK
Service [DISABLED] hpn
Service C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys (WinACHSF driver/Conexant) [MANUAL] hsf_msft
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys (Sterownik Intel PCI IDE/Microsoft Corporation) [BOOT] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys (K56NT driver/Conexant) [AUTO] K56
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service C:\Program Files\mks_vir_2007\bin\MksFwall.exe (Zapora mks_vir 2k7/MKS Sp z o.o.) [DISABLED] MksFwall
Service C:\WINDOWS\system32\mksidsf.sys [MANUAL] mksidsf
Service C:\Program Files\mks_vir_2007\bin\MksMonEn.sys [MANUAL] MksMonEn
Service C:\Program Files\mks_vir_2007\bin\MksMonEv.sys [MANUAL] MksMonEv
Service C:\Program Files\mks_vir_2007\bin\MksMonFd.sys [MANUAL] MksMonFd
Service C:\Program Files\mks_vir_2007\bin\MksPC.exe [AUTO] MksPC
Service C:\Program Files\mks_vir_2007\bin\mksupdate.exe (Serwis aktualizacji mks_vir 2K7/MKS Sp. z o. o.) [AUTO] MksUpdate
Service C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe [AUTO] MksVirMonSvc
Service C:\Program Files\mks_vir_2007\bin\mks_scan.exe [MANUAL] MkS_Scan
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\drivers\MODEMCSA.sys (Unimodem CSA Filter/Microsoft Corporation) [MANUAL] MODEMCSA
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (Sterownik filtru myszy HID/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [MANUAL] NBService
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] NWCWorkstation1
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\drivers\pavboot.sys (Panda Boot Driver/Panda Security, S.L.) [BOOT] pavboot
Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde
Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia
Service C:\WINDOWS\System32\Drivers\pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) [MANUAL] pcouffin
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys (Rksample WDM driver/Conexant) [MANUAL] Rksample
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [AUTO] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\drivers\smwdm.sys (SoundMAX Integrated Digital Audio /Analog Devices, Inc.) [MANUAL] smwdm
Service C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys (FaxNT driver/Conexant) [AUTO] SoftFax
Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (SoundMAX service agent component/Analog Devices, Inc.) [AUTO] SoundMAX Agent Service (default)
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] stisvc
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [DISABLED] TlntSvr
Service C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys (TonesNT driver/Conexant) [AUTO] Tones
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS\system32\DRIVERS\HSF_V124.sys (V124NT driver/Conexant) [AUTO] V124
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Usługa udostępniania w sieci programu Windows Media Player/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {7C132743-38D9-48B6-9906-3CD27D1A49C4}

---- EOF - GMER 1.0.15 ----


PS. I downloaded freedrweb, and every time I launch it the computer restarts. It also seems to me that it restarts when MKS VIR tries to update...


#8 User is offline   picasso 

  • Expert Rank
  • Group: Retired
  • Posts: 36724
  • Registered: 27-05 03
  • Gender: Female
  • Location: Used to be Kraków, now the Netherlands

Posted 21 04 2009 - 11:44

There is no driver here at all that is mounted on the file o139Lf5N.sys. It may be something transient / created in memory. Also check whether that file as such is present in the directory C:\WINDOWS\system32 or C:\WINDOWS\system32\drivers. In that case I would remove this, since it is the only suspicious thing:

c:\documents and settings\Ewa\Menu Start\Programy\Autostart\
winsys.exe.lnk - c:\windows\system32\winsys.exe [2008-10-16 1960448]
winword.exe.lnk - c:\windows\system32\winword.exe [2008-10-16 1960448]


1. Run OTListIt2 and paste this script into the bottom window:

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winsys.exe.lnk
C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winword.exe.lnk
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\winword.exe
c:\windows\system32\Plugins

:Commands
[emptytemp]
[start explorer]
[Reboot]


Click Run Fix. If prompted, restart the computer.

2. After the restart, post two logs: the one produced by the removal + a new one from the Run Scan option.







#9 User is offline   sniady22 

  • First Rank
  • Group: Users
  • Posts: 22
  • Registered: 12-11 06

Posted 22 04 2009 - 07:46

Unfortunately I will only be able to do this after 12 May, so please don't delete the post.


#10 User is offline   sniady22 

  • First Rank
  • Group: Users
  • Posts: 22
  • Registered: 12-11 06

Posted 11 05 2009 - 07:47

OK, I can post the logs today (sorry in advance that it's so late), so here is the log from the removal:
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winsys.exe.lnk moved successfully.
C:\Documents and Settings\Ewa\Menu Start\Programy\Autostart\winword.exe.lnk moved successfully.
C:\WINDOWS\system32\winsys.exe moved successfully.
C:\WINDOWS\system32\winword.exe moved successfully.
c:\windows\system32\Plugins\YouCrypt moved successfully.
c:\windows\system32\Plugins\Hoster moved successfully.
c:\windows\system32\Plugins moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Ewa\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 05112009_083208

Files moved on Reboot...
File C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat not found!

Registry entries deleted on Reboot...

Extras.txt:
OTListIt Extras logfile created on: 2009-05-11 08:40:21 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Ewa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

766,73 Mb Total Physical Memory | 522,99 Mb Available Physical Memory | 68,21% Memory free
1,08 Gb Paging File | 0,87 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,82 Gb Total Space | 3,15 Gb Free Space | 18,73% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 39,06 Gb Total Space | 35,21 Gb Free Space | 90,14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS
Drive Y: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS
Drive Z: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS

Computer Name: KSIEGOWOSC
Current User Name: Ewa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-09-26 13:35:38 | 01,848,616 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
[2008-04-20 13:14:38 | 01,262,592 | ---- | M] (Nix-Ware.com Paweł Barut) -- C:\DOS-PR08\DOSprinter\DOSprint.exe:*:Enabled:DOS printer

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 7.03.001
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{29CBFC23-05A7-4286-93B8-BABE29BC1045}" = Nero 7 Essentials
"{2DB2E8BB-C478-4882-B53D-1E34C70952F7}" = d2System ver_ I_3_3_11b
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB6EE7-DF64-4F26-9273-9525FC11A417}" = Instalacja programu mks_vir 2k7
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{ABDF78D0-6F94-440B-917F-22803D165F14}" = Platinum Guard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B96A7F3B-AF29-489A-AE84-1DDF5942971C}" = proCertum CardManager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"7-Zip" = 7-Zip 4.43 beta
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"e-PFRON OffLine" = e-PFRON OffLine 1.3.5
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Niezbędnik CD_is1" = Niezbędnik CD
"NixWareDOSprinter" = Nix-Ware.com DOS printer emulator (tylko usuwanie)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PABS 4.1_is1" = PABS 4.1
"PITy 2007_is1" = PITy 2007 dla Windows kompilacja:1.0.1.2
"PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.1
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 0.9.8a
"Webshots Desktop_is1" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-05-06 06:19:23 | Computer Name = KSIEGOWOSC | Source = Microsoft Office 11 | ID = 2001
Description =

Error - 2009-05-06 08:00:08 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca vlc.exe, wersja 0.9.8.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-06 08:02:53 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd realplay.exe, wersja 6.0.12.1069, moduł
powodujący błąd rpcontrols1.dll, wersja 6.0.1.2001, adres błędu 0x0005cbe7.

Error - 2009-05-06 08:03:47 | Computer Name = KSIEGOWOSC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca realplay.exe, wersja 6.0.12.1069, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-06 08:08:02 | Computer Name = KSIEGOWOSC | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2009-05-08 06:11:00 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd superutil.exe, wersja 9.3.9.0, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2009-05-08 09:19:28 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku Y:\serwer\2001\TMAIN.EXE
z jednej z następujących przyczyn: istnieje problem z połączeniem sieciowym, dyskiem,
na którym przechowywany jest plik, sterownikami magazynu zainstalowanymi na tym
komputerze; lub brak dysku. System Windows zamknął program TMAIN.EXE z powodu następującego
błędu. Program: TMAIN.EXE Plik: Y:\serwer\2001\TMAIN.EXE Wartość błędu jest wyświetlona
w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może
być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu.
2.
Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci
powinien sprawdzić, czy nie ma problemu z siecią, i czy można skontaktować się
z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź,
czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz
CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć
plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku.
Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się
z administratorem lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe
dane Wartość błędu: C000009A Typ dysku: 4

Error - 2009-05-08 09:19:36 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tmain.exe, wersja 0.0.0.0, moduł powodujący
błąd tmain.exe, wersja 0.0.0.0, adres błędu 0x00016220.

Error - 2009-05-08 09:19:56 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1005
Description = System Windows nie może uzyskać dostępu do pliku Y:\serwer\2001\TMAIN.EXE
z jednej z następujących przyczyn: istnieje problem z połączeniem sieciowym, dyskiem,
na którym przechowywany jest plik, sterownikami magazynu zainstalowanymi na tym
komputerze; lub brak dysku. System Windows zamknął program TMAIN.EXE z powodu następującego
błędu. Program: TMAIN.EXE Plik: Y:\serwer\2001\TMAIN.EXE Wartość błędu jest wyświetlona
w sekcji Dodatkowe dane. Akcja użytkownika 1. Otwórz plik ponownie. Ta sytuacja może
być przejściowym problemem, który sam się rozwiąże po ponownym uruchomieniu programu.
2.
Jeśli nadal nie można uzyskać dostępu do pliku i - jest w sieci, administrator sieci
powinien sprawdzić, czy nie ma problemu z siecią, i czy można skontaktować się
z serwerem. - jest na dysku wymiennym, na przykład dyskietce lub dysku CD-ROM, sprawdź,
czy cały dysk jest włożony do komputera. 3. Sprawdź i napraw system plików, uruchamiając
program CHKDSK. Aby uruchomić program CHKDSK, kliknij przycisk Start, kliknij polecenie
Uruchom, wpisz CMD, a następnie kliknij przycisk OK. W wierszu polecenia wpisz
CHKDSK /F, a następnie naciśnij klawisz ENTER. 4. Jeżeli problem nie ustąpi, przywróć
plik z kopii zapasowej. 5. Ustal, czy można otworzyć inne pliki na tym samym dysku.
Jeśli nie, dysk może być uszkodzony. Jeśli jest to dysk twardy, skontaktuj się
z administratorem lub dostawcą sprzętu komputerowego, aby uzyskać dalszą pomoc. Dodatkowe
dane Wartość błędu: C000009A Typ dysku: 4

Error - 2009-05-08 09:19:57 | Computer Name = KSIEGOWOSC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd
unknown, wersja 0.0.0.0, adres błędu 0x00416220.

[ System Events ]
Error - 2009-05-07 09:18:26 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi MkS_Scan z powodu następującego błędu:
%%1053

Error - 2009-05-08 09:22:24 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-08 09:25:18 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-08 09:30:01 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-08 09:36:07 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-11 01:29:22 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-11 02:33:57 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: SuperMounter

Error - 2009-05-11 02:35:27 | Computer Name = KSIEGOWOSC | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi
mks_scan z argumentami „-Service” w celu uruchomienia serwera: {0B3B62DF-96A8-42BC-9C0C-A6CCE7E0BA03}

Error - 2009-05-11 02:35:27 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą MkS_Scan.

Error - 2009-05-11 02:35:27 | Computer Name = KSIEGOWOSC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi MkS_Scan z powodu następującego błędu:
%%1053


< End of report >



OTListIt.txt:

OTListIt logfile created on: 2009-05-11 08:40:21 - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Ewa\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

766,73 Mb Total Physical Memory | 522,99 Mb Available Physical Memory | 68,21% Memory free
1,08 Gb Paging File | 0,87 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16,82 Gb Total Space | 3,15 Gb Free Space | 18,73% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 39,06 Gb Total Space | 35,21 Gb Free Space | 90,14% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS
Drive Y: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS
Drive Z: | 55,88 Gb Total Space | 52,41 Gb Free Space | 93,79% Space Free | Partition Type: NTFS

Computer Name: KSIEGOWOSC
Current User Name: Ewa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003-05-05 08:57:30 | 00,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2007-03-14 08:20:38 | 00,520,192 | ---- | M] (MkS Sp. z o.o.) -- C:\Program Files\mks_vir_2007\bin\mks_mail.exe
PRC - [2007-07-05 07:46:42 | 00,663,552 | ---- | M] (MKS Sp z o.o.) -- C:\Program Files\mks_vir_2007\bin\mkstray.exe
PRC - [2007-03-23 08:40:18 | 00,303,104 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksregmon.exe
PRC - [2003-10-31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006-06-15 08:43:20 | 00,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005-02-16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008-10-15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2009-03-09 05:19:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-04-19 13:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007-03-06 08:14:18 | 00,253,952 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksPC.exe
PRC - [2008-03-17 14:30:36 | 00,389,120 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
PRC - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-04-21 10:43:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe
PRC - [2007-03-26 16:28:00 | 00,570,880 | ---- | M] (MKS Sp. z o. o.) -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-10-18 09:02:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009-03-09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-04-19 13:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007-04-10 10:39:02 | 00,270,336 | ---- | M] (MKS Sp z o.o.) -- C:\Program Files\mks_vir_2007\bin\MksFwall.exe -- (MksFwall [Disabled | Stopped])
SRV - [2007-03-06 08:14:18 | 00,253,952 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksPC.exe -- (MksPC [Auto | Running])
SRV - [2007-03-26 16:28:00 | 00,570,880 | ---- | M] (MKS Sp. z o. o.) -- C:\Program Files\mks_vir_2007\bin\mksupdate.exe -- (MksUpdate [Auto | Running])
SRV - [2008-03-17 14:30:36 | 00,389,120 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe -- (MksVirMonSvc [Auto | Running])
SRV - [2009-03-09 07:34:34 | 00,270,336 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\mks_scan.exe -- (MkS_Scan [On_Demand | Stopped])
SRV - [2007-09-17 10:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008-04-14 19:20:42 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation1 [Disabled | Stopped])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006-03-24 19:14:00 | 00,033,536 | R--- | M] (Advanced Card Systems Ltd) -- C:\WINDOWS\system32\DRIVERS\a38usb.sys -- (ACSSCR [On_Demand | Stopped])
DRV - [2002-04-01 07:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001-08-17 21:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
DRV - [2001-08-17 21:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys -- (Fallback [Auto | Running])
DRV - [2001-08-17 21:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys -- (Fsks [Auto | Running])
DRV - [2006-06-12 11:36:30 | 00,009,344 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK [On_Demand | Running])
DRV - [2001-08-17 21:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
DRV - [2001-08-17 21:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys -- (K56 [Auto | Running])
DRV - [2007-03-29 08:22:04 | 00,011,776 | ---- | M] () -- C:\WINDOWS\system32\mksidsf.sys -- (mksidsf [On_Demand | Stopped])
DRV - [2007-08-13 07:44:16 | 00,385,024 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonEn.sys -- (MksMonEn [On_Demand | Stopped])
DRV - [2007-03-23 08:40:16 | 00,089,600 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonEv.sys -- (MksMonEv [On_Demand | Stopped])
DRV - [2007-02-07 14:35:36 | 00,026,624 | ---- | M] () -- C:\Program Files\mks_vir_2007\bin\MksMonFd.sys -- (MksMonFd [On_Demand | Running])
DRV - [2001-08-17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004-08-03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-06-19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008-04-17 08:23:48 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2006-03-02 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001-08-17 21:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-08-12 13:15:48 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001-08-17 21:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys -- (SoftFax [Auto | Running])
DRV - [2008-07-17 09:13:16 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001-08-17 21:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys -- (Tones [Auto | Running])
DRV - [2001-08-17 21:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\HSF_V124.sys -- (V124 [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\S-1-5-21-796845957-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-362288127-839522115-1003\S-1-5-21-796845957-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://beta.onet.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008-12-01 07:56:56 | 00,000,000 | ---D | M]

[2008-07-10 15:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Extensions
[2008-07-10 15:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007-04-27 09:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Firefox\Profiles\06rab3mv.default\extensions
[2007-09-05 09:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ewa\Dane aplikacji\mozilla\Firefox\Profiles\06rab3mv.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-796845957-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-796845957-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe (MkS Sp. z o.o.)
O4 - HKLM..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe ()
O4 - HKLM..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe (MKS Sp z o.o.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on (HP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-362288127-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\mks_vir_2007\bin\mkslsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7C132743-38D9-48B6-9906-3CD27D1A49C4}\\NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-12 13:38:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[130 C:\WINDOWS\*.tmp files]
[2009-05-11 08:32:08 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009-05-08 15:17:00 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2009-05-08 12:10:48 | 00,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2009-05-08 11:12:32 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2009-05-08 07:43:58 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009-05-07 15:31:30 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009-05-07 10:07:11 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Zał. 1 - skutek podwyżki.xls
[2009-05-07 08:55:50 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009-05-05 07:44:48 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009-05-04 12:28:46 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2009-04-28 12:46:36 | 03,817,155 | ---- | C] (Copyright © 1999-2005 KRAKFIN ) -- C:\Documents and Settings\Ewa\Pulpit\pabs4_1_34_466wroclaw_setup.exe
[2009-04-28 08:27:36 | 00,000,000 | -HSD | C] -- C:\FOUND.023
[2009-04-27 09:03:46 | 00,645,001 | ---- | C] () -- C:\epfron_off_uakt.exe
[2009-04-27 09:01:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\e-PFRON OffLine.lnk
[2009-04-27 09:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\e-PFRON OffLine
[2009-04-21 12:55:10 | 00,000,000 | -HSD | C] -- C:\FOUND.022
[2009-04-21 11:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ewa\Pulpit\nowy
[2009-04-21 10:43:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe
[2009-04-21 09:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2009-04-21 09:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-04-21 09:06:49 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009-04-21 09:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009-04-21 09:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ewa\Dane aplikacji\WinRAR
[2009-04-21 08:30:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-21 08:30:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-21 08:30:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-21 08:30:53 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009-04-21 08:30:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-04-21 08:30:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-04-21 08:30:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-04-21 08:30:53 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-21 08:30:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-21 08:23:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-04-20 07:33:00 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\ceeefddd5_z.ocx
[2009-04-17 11:01:02 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Ewa\Moje dokumenty\rOZLICZENIE KÓŁ RR- zajęcia ruchowe.xls
[2009-04-17 10:09:44 | 00,000,000 | -HSD | C] -- C:\FOUND.021
[2009-04-16 07:43:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-16 07:43:25 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-16 07:43:25 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-16 07:43:25 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-16 07:43:24 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-16 07:43:23 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-16 07:43:22 | 00,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-16 07:43:22 | 00,722,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-16 07:43:22 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-16 07:42:05 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-16 07:42:05 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-14 10:05:28 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Zone.Identifier
[2009-04-14 07:57:22 | 00,000,000 | -HSD | C] -- C:\FOUND.020
[2009-02-10 12:03:25 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2008-12-17 23:30:06 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-17 23:30:06 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-28 13:54:30 | 00,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008-10-28 13:54:07 | 00,000,685 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008-10-16 11:07:36 | 00,001,627 | ---- | C] () -- C:\WINDOWS\System32\Load.ini
[2008-09-02 09:14:06 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\usbr38.dll
[2008-07-18 09:16:53 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-07-17 09:13:13 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-29 15:24:32 | 00,311,128 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008-06-29 15:24:32 | 00,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-06-29 15:24:31 | 01,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008-04-28 14:55:27 | 00,162,816 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2007-05-22 09:40:12 | 00,000,946 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-02-28 11:49:59 | 00,000,270 | ---- | C] () -- C:\WINDOWS\{6ECB6EE7-DF64-4F26-9273-9525FC11A417}_WiseFW.ini
[2007-02-13 09:13:49 | 00,000,334 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-02-12 15:06:44 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-02-12 14:38:25 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-12 14:16:37 | 00,015,995 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2007-02-12 14:07:05 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007-02-12 14:02:35 | 00,002,772 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-02-12 14:02:32 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-02-07 14:35:36 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\MksFwallt.sys
[2007-02-07 14:35:36 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\MksFwallf.sys
[2007-02-07 14:35:36 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\MksIdsf.sys
[2007-02-07 14:35:36 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\MksIdsa.sys
[2006-06-12 11:36:30 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006-03-02 12:00:00 | 00,000,639 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 12:00:00 | 00,000,454 | ---- | C] () -- C:\WINDOWS\system.ini
[2006-02-09 14:47:06 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003-01-16 17:32:19 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001-07-06 16:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1997-06-18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997-04-01 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Files - Modified Within 30 Days ==========

[130 C:\WINDOWS\*.tmp files]
[2009-05-11 08:34:04 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-11 08:33:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-11 08:33:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-11 08:19:06 | 00,002,177 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Platinum Guard.lnk
[2009-05-08 15:39:46 | 00,000,454 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-05-08 14:51:26 | 00,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
[2009-05-07 15:04:56 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Microsoft Office Word 2003.lnk
[2009-05-07 13:33:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-05-07 12:57:02 | 00,243,200 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Aktulalizacje harmonogramów - WZÓR.xls
[2009-05-07 11:36:04 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-07 10:53:28 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Zał. 1 - skutek podwyżki.xls
[2009-05-06 11:53:36 | 00,231,424 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\wykonane wydatki.xls
[2009-05-05 14:33:20 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009-05-05 12:01:16 | 00,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-04-30 13:50:54 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\Zarządzenie.doc
[2009-04-30 13:22:12 | 00,108,544 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\zus I PODATKI ROZLICZENIE.xls
[2009-04-28 12:47:32 | 00,001,380 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\PABS 4.1.lnk
[2009-04-28 12:46:38 | 03,817,155 | ---- | M] (Copyright © 1999-2005 KRAKFIN ) -- C:\Documents and Settings\Ewa\Pulpit\pabs4_1_34_466wroclaw_setup.exe
[2009-04-28 08:20:50 | 17,501,7984 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009-04-27 10:56:44 | 00,002,463 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\d2Navigator.lnk
[2009-04-27 09:01:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\e-PFRON OffLine.lnk
[2009-04-27 08:48:14 | 00,645,001 | ---- | M] () -- C:\epfron_off_uakt.exe
[2009-04-27 07:56:14 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009-04-23 09:49:22 | 00,077,248 | ---- | M] () -- C:\Documents and Settings\Ewa\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-04-21 11:20:22 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-04-21 10:43:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ewa\Pulpit\OTListIt2.exe
[2009-04-21 09:58:10 | 00,109,568 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009-04-21 09:20:16 | 00,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-04-21 07:55:46 | 00,002,557 | ---- | M] () -- C:\Documents and Settings\Ewa\Pulpit\Microsoft Office Excel 2003.lnk
[2009-04-20 07:33:02 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\ceeefddd5_z.ocx
[2009-04-17 11:24:54 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\rOZLICZENIE KÓŁ RR- zajęcia ruchowe.xls
[2009-04-17 07:51:40 | 00,463,404 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-04-17 07:51:40 | 00,405,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-17 07:51:40 | 00,081,364 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-04-17 07:51:40 | 00,063,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-17 07:51:38 | 01,026,664 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-16 16:04:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-04-14 10:25:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Ewa\Moje dokumenty\PLAN FINANSOWY - Fund socj..doc
< End of report >
