
info.txt logfile of random's system information tool 1.06 2009-05-11 20:16:27
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.2 CE-->MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}
ALLPlayer V3.X-->"C:\Program Files\ALLPlayer\unins000.exe"
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
neostrada tp-->C:\PROGRA~1\NEOSTR~1\Uninstall.exe
Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Odkurzacz 11.3-->"C:\Program Files\Odkurzacz\unins000.exe"
OpenOffice.org 2.0.2-->MsiExec.exe /I{2B29EAF9-352F-4A0D-8CB1-D34113993DB7}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
======Hosts File======
92.63.97.167 www.moneybookers.com
92.63.97.167 www.poste.it
92.63.97.167 poste.it
92.63.97.167 bancopostaonline.poste.it
92.63.97.167 moneybookers.com
92.63.97.167 www.postbank.de
92.63.97.167 postbank.de
92.63.97.167 banking.postbank.de
92.63.97.167 direkt.postbank.de
92.63.97.167 abbey.com
======System event log======
Computer Name: GREJD
Event Code: 7035
Message: Do usługi Menedżer autopołączenia dostępu zdalnego został pomyślnie wysłany kod sterowania zatrzymaj.
Record Number: 7299
Source Name: Service Control Manager
Time Written: 20090227124952.000000+060
Event Type: informacje
User: GREJD\Karol
Computer Name: GREJD
Event Code: 7036
Message: Usługa Menedżer autopołączenia dostępu zdalnego weszła w stan uruchomienia.
Record Number: 7298
Source Name: Service Control Manager
Time Written: 20090227124943.000000+060
Event Type: informacje
User:
Computer Name: GREJD
Event Code: 7035
Message: Do usługi Menedżer autopołączenia dostępu zdalnego został pomyślnie wysłany kod sterowania uruchom.
Record Number: 7297
Source Name: Service Control Manager
Time Written: 20090227124943.000000+060
Event Type: informacje
User: GREJD\Karol
Computer Name: GREJD
Event Code: 7036
Message: Usługa Usługa bramy warstwy aplikacji weszła w stan uruchomienia.
Record Number: 7296
Source Name: Service Control Manager
Time Written: 20090227124919.000000+060
Event Type: informacje
User:
Computer Name: GREJD
Event Code: 7035
Message: Do usługi Usługa bramy warstwy aplikacji został pomyślnie wysłany kod sterowania uruchom.
Record Number: 7295
Source Name: Service Control Manager
Time Written: 20090227124919.000000+060
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM
=====Application event log=====
Computer Name: GREJD
Event Code: 102
Message: wuaueng.dll (1036) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0).
Record Number: 1093
Source Name: ESENT
Time Written: 20080921211052.000000+120
Event Type: informacje
User:
Computer Name: GREJD
Event Code: 100
Message: wuauclt (1036) Aparat bazy danych 5.01.2600.2180 został uruchomiony.
Record Number: 1092
Source Name: ESENT
Time Written: 20080921211052.000000+120
Event Type: informacje
User:
Computer Name: GREJD
Event Code: 1517
Message: System Windows zapisał rejestr użytkownika GREJD\Karol, kiedy aplikacja lub usługa nadal użytkowała rejestr podczas wylogowania. Pamięć używana przez rejestr użytkownika nie została zwolniona. Rejestr zostanie zwolniony, kiedy nie będzie używany.
Najczęstszą tego przyczyną są usługi uruchamiane z konta użytkownika. Próbuj skonfigurować te usługi, aby były uruchamiane z konta LocalService lub NetworkService.
Record Number: 1091
Source Name: Userenv
Time Written: 20080921090248.000000+120
Event Type: ostrzeżenie
User: ZARZĄDZANIE NT\SYSTEM
Computer Name: GREJD
Event Code: 102
Message: wuaueng.dll (2272) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0).
Record Number: 1090
Source Name: ESENT
Time Written: 20080921085936.000000+120
Event Type: informacje
User:
Computer Name: GREJD
Event Code: 100
Message: wuauclt (2272) Aparat bazy danych 5.01.2600.2180 został uruchomiony.
Record Number: 1089
Source Name: ESENT
Time Written: 20080921085936.000000+120
Event Type: informacje
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
2nd notepad
Logfile of random's system information tool 1.06 (written by random/random)
Run by Karol at 2009-05-11 20:15:29
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 14 GB (58%) free of 25 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:26, on 2009-05-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karol\Pulpit\RSIT.exe
C:\Program Files\trend micro\Karol.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 92.63.97.167 www.moneybookers.com
O1 - Hosts: 92.63.97.167 www.poste.it
O1 - Hosts: 92.63.97.167 poste.it
O1 - Hosts: 92.63.97.167 bancopostaonline.poste.it
O1 - Hosts: 92.63.97.167 moneybookers.com
O1 - Hosts: 92.63.97.167 www.postbank.de
O1 - Hosts: 92.63.97.167 postbank.de
O1 - Hosts: 92.63.97.167 banking.postbank.de
O1 - Hosts: 92.63.97.167 direkt.postbank.de
O1 - Hosts: 92.63.97.167 abbey.com
O1 - Hosts: 92.63.97.167 www.abbey.com
O1 - Hosts: 92.63.97.167 www.abbey.co.uk
O1 - Hosts: 92.63.97.167 abbey.co.uk
O1 - Hosts: 92.63.97.167 www.smile.co.uk
O1 - Hosts: 92.63.97.167 smile.co.uk
O1 - Hosts: 92.63.97.167 cahoot.com
O1 - Hosts: 92.63.97.167 www.cahoot.com
O1 - Hosts: 92.63.97.167 www.cahoot.co.uk
O1 - Hosts: 92.63.97.167 cahoot.co.uk
O1 - Hosts: 92.63.97.167 www.co-operativebank.co.uk
O1 - Hosts: 92.63.97.167 co-operativebank.co.uk
O1 - Hosts: 92.63.97.167 www.co-operativebank.com
O1 - Hosts: 92.63.97.167 co-operativebank.com
O1 - Hosts: 92.63.97.167 personal.barclays.co.uk
O1 - Hosts: 92.63.97.167 barclays.co.uk
O1 - Hosts: 92.63.97.167 ibank.barclays.co.uk
O1 - Hosts: 92.63.97.167 www.barclays.co.uk
O1 - Hosts: 92.63.97.167 barclays.touchclarity.com
O1 - Hosts: 92.63.97.167 hsbc.co.uk
O1 - Hosts: 92.63.97.167 www.hsbc.co.uk
O1 - Hosts: 92.63.97.167 hsbc.touchclarity.com
O1 - Hosts: 92.63.97.167 www1.member-hsbc-group.com
O1 - Hosts: 92.63.97.167 lloydstsb.co.uk
O1 - Hosts: 92.63.97.167 www.lloydstsb.co.uk
O1 - Hosts: 92.63.97.167 lloydstsb.com
O1 - Hosts: 92.63.97.167 www.lloydstsb.com
O1 - Hosts: 92.63.97.167 mi.lloydstsb.com
O1 - Hosts: 92.63.97.167 www.woolwich.co.uk
O1 - Hosts: 92.63.97.167 woolwich.co.uk
O1 - Hosts: 92.63.97.167 www.deutsche-bank.de
O1 - Hosts: 92.63.97.167 deutsche-bank.de
O1 - Hosts: 92.63.97.167 meine.deutsche-bank.de
O1 - Hosts: 92.63.97.167 www.anbusiness.com
O1 - Hosts: 92.63.97.167 anbusiness.com
O1 - Hosts: 92.63.97.167 www.abbeyinternational.com
O1 - Hosts: 92.63.97.167 www.barclays.com
O1 - Hosts: 92.63.97.167 barclays.com
O1 - Hosts: 92.63.97.167 ibank.internationalbanking.barclays.com
O1 - Hosts: 92.63.97.167 offshore.hsbc.com
O1 - Hosts: 92.63.97.167 www.lloydstsb-offshore.com
O1 - Hosts: 92.63.97.167 lloydstsb-offshore.com
O1 - Hosts: 92.63.97.167 citibank.de
O1 - Hosts: 92.63.97.167 www.citibank.de
O1 - Hosts: 92.63.97.167 www.natwest.com
O1 - Hosts: 92.63.97.167 natwest.com
O1 - Hosts: 92.63.97.167 www.nwolb.com
O1 - Hosts: 92.63.97.167 nwolb.com
O1 - Hosts: 92.63.97.167 rbs.co.uk
O1 - Hosts: 92.63.97.167 www.rbs.co.uk
O1 - Hosts: 92.63.97.167 www.rbsdigital.com
O1 - Hosts: 92.63.97.167 rbsdigital.com
O1 - Hosts: 92.63.97.167 www.ybonline.co.uk
O1 - Hosts: 92.63.97.167 ybonline.co.uk
O1 - Hosts: 92.63.97.40 banking.sparkasse-hannover.de
O1 - Hosts: 92.63.97.40 www.sparkasse-hannover.de
O1 - Hosts: 92.63.97.40 sparkasse-hannover.de
O1 - Hosts: 92.63.97.40 www.banking.sparkasse-hannover.de
O1 - Hosts: 92.63.97.40 banking.sparkasse-mittelthueringen.de
O1 - Hosts: 92.63.97.40 sparkasse-mittelthueringen.de
O1 - Hosts: 92.63.97.40 www.banking.sparkasse-mittelthueringen.de
O1 - Hosts: 92.63.97.40 www.sparkasse-mittelthueringen.de
O1 - Hosts: 92.63.97.40 banking.berliner-sparkasse.de
O1 - Hosts: 92.63.97.40 berliner-sparkasse.de
O1 - Hosts: 92.63.97.40 www.banking.berliner-sparkasse.de
O1 - Hosts: 92.63.97.40 www.berliner-sparkasse.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9415C92C-E4BC-4200-8C58-F9879F70A361}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{9415C92C-E4BC-4200-8C58-F9879F70A361}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8142 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\NEOSTR~1\GestMaj.exe [2004-10-14 32768]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-07-13 14679552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe [2008-11-24 869888]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-04-20 9818728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 264704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-06-12 20002856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-05-11 20:15:29 ----D---- C:\rsit
2009-05-11 20:15:29 ----D---- C:\Program Files\trend micro
2009-05-11 20:04:26 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-05-11 20:03:54 ----A---- C:\Program Files\nowegg.exe
2009-04-25 09:57:19 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-23 22:02:24 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-23 22:02:24 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-23 22:02:24 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-23 22:02:24 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-23 22:02:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Real
2009-04-23 22:02:22 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-04-23 22:02:22 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-04-23 21:53:53 ----D---- C:\Program Files\NAPI-PROJEKT
2009-04-23 21:51:53 ----A---- C:\WINDOWS\system32\unrar.dll
2009-04-23 21:51:52 ----A---- C:\WINDOWS\avisplitter.ini
2009-04-23 21:51:44 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-04-23 21:51:43 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-04-23 21:51:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-04-23 21:51:43 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-04-23 21:51:43 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-04-23 21:51:34 ----A---- C:\WINDOWS\system32\divx.dll
2009-04-23 21:51:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-04-23 21:51:33 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-04-23 21:51:31 ----D---- C:\Program Files\K-Lite Codec Pack
2009-04-23 20:43:26 ----D---- C:\Program Files\ALLPlayer
======List of files/folders modified in the last 1 months======
2009-05-11 20:15:37 ----D---- C:\WINDOWS\Prefetch
2009-05-11 20:15:29 ----RD---- C:\Program Files
2009-05-11 20:04:39 ----SHD---- C:\WINDOWS\Installer
2009-05-11 20:04:39 ----SHD---- C:\Config.Msi
2009-05-11 18:22:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-11 09:29:34 ----D---- C:\Documents and Settings\Karol\Dane aplikacji\OpenOffice.org2
2009-05-11 08:49:56 ----D---- C:\WINDOWS\system32
2009-05-11 08:49:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-11 08:46:47 ----D---- C:\Program Files\neostrada tp
2009-05-11 08:45:57 ----D---- C:\WINDOWS\system32\Lang
2009-05-10 22:49:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-09 22:04:37 ----D---- C:\Documents and Settings\Karol\Dane aplikacji\GanymedeNet
2009-05-01 21:29:20 ----D---- C:\Program Files\Ganymede
2009-04-26 10:41:06 ----D---- C:\Program Files\PKR
2009-04-25 20:30:55 ----D---- C:\Documents and Settings\Karol\Dane aplikacji\Real
2009-04-25 09:58:44 ----D---- C:\Program Files\Gadu-Gadu
2009-04-25 09:58:12 ----D---- C:\WINDOWS
2009-04-25 09:51:12 ----HD---- C:\WINDOWS\inf
2009-04-25 09:51:12 ----D---- C:\WINDOWS\temp
2009-04-25 09:51:12 ----D---- C:\WINDOWS\system32\drivers
2009-04-25 09:51:11 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-23 22:02:26 ----D---- C:\Program Files\Real Alternative
2009-04-23 22:01:36 ----D---- C:\Program Files\Common Files\Real
2009-04-23 22:01:31 ----D---- C:\Program Files\Common Files
2009-04-23 21:46:55 ----D---- C:\Program Files\DivX
2009-04-23 21:46:20 ----A---- C:\WINDOWS\VPlayer.INI
2009-04-23 21:38:22 ----D---- C:\WINDOWS\WinSxS
2009-04-23 20:56:32 ----D---- C:\WINDOWS\system32\config
2009-04-23 20:56:24 ----D---- C:\WINDOWS\system32\wbem
2009-04-23 20:56:24 ----D---- C:\WINDOWS\Registration
2009-04-23 20:55:26 ----D---- C:\Program Files\Picasa2
2009-04-23 20:55:26 ----D---- C:\Program Files\Google
2009-04-23 20:53:56 ----D---- C:\Program Files\Image-Line
2009-04-23 20:53:53 ----D---- C:\Program Files\ASIO4ALL v2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40320]
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-07-13 3851264]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
-----------------EOF-----------------