RIST.txt

HijackThis - request to check a log

ok.. - this log is HUGE. I'm almost afraid of what will come out of it :)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomasz at 2009-07-03 12:32:35
Microsoft(R) Windows Vista™ Ultimate Service Pack 1
System drive C: has 24 GB (32%) free of 75 GB
Total RAM: 4094 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:38, on 03-07-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\pcwHoverWheel.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\VMware Player\hqtray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\VNC4\vncviewer.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
D:\Users\Tomasz\Downloads\RSIT.exe
C:\Program Files (x86)\HijackThis\Tomasz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestrowania za pomoc1 identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: & Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WinampAgent] " C:\Program Files (x86)\Winamp\winampa.exe "
O4 - HKLM\..\Run: [Ad-Watch] " C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe "
O4 - HKLM\..\Run: [VMware hqtray] " C:\Program Files (x86)\VMware Player\hqtray.exe "
O4 - HKLM\..\Run: [QuickTime Task] " C:\Program Files (x86)\QuickTime\QTTask.exe " -atboottime
O4 - HKCU\..\Run: [Skype] " C:\Program Files (x86)\Skype\Phone\Skype.exe " /nosplash /minimized
O4 - HKCU\..\Run: [TrueCrypt] " C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe " /q preferences
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TrackerChecker2] " C:\Program Files (x86)\Tracker Checker 2\Tracker Checker 2.exe "
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USGBPUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USGBPUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USGBPUGA SIECIOWA')
O4 - Startup: HoverWheel.lnk = C:\Program Files (x86)\pcwHoverWheel.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa & ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E & ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: & Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij & do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ECD64F2-5A53-4B86-8A4D-B3D9E9CECBC0}: NameServer = 217.8.168.244,157.25.5.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Tension Drivers Auto Removal (pr2aqfgl) (pr2aqfgl) - Unknown owner - C:\Windows\system32\pr2aqfgl.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files (x86)\USBDLM\USBDLM.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 10090 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{5C609EEE-F106-4756-8871-559A146E0D7E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocnik rejestrowania za pomoc1 identyfikatora Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - & Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
" WinampAgent " =C:\Program Files (x86)\Winamp\winampa.exe [2009-03-09 37888]
" Ad-Watch " =C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-01 520024]
" VMware hqtray " =C:\Program Files (x86)\VMware Player\hqtray.exe [2008-10-28 64048]
" QuickTime Task " =C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
" Skype " =C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-02-04 23975720]
" TrueCrypt " =C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe [2009-02-24 1353408]
" WMPNSCFG " =C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
" TrackerChecker2 " =C:\Program Files (x86)\Tracker Checker 2\Tracker Checker 2.exe [2007-08-06 77824]

C:\Users\Tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HoverWheel.lnk - C:\Program Files (x86)\pcwHoverWheel.exe
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
" AppInit_DLLS " = " C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
" {B5A7F190-DDA6-4420-B3BA-52453494E6CD} " =C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
" dontdisplaylastusername " =0
" legalnoticecaption " =
" legalnoticetext " =
" shutdownwithoutlogon " =1
" undockwithoutlogon " =1
" EnableUIADesktopToggle " =0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
" NoActiveDesktop " =
" NoActiveDesktopChanges " =
" ForceActiveDesktopOn " =
" NoDriveTypeAutoRun " =

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
" W:\EverestPortable\App\EverestUltimate\everest.exe " = " W:\EverestPortable\App\EverestUltimate\everest.exe:*:Enabled:EverestUltimate "
" D:\Users\Tomasz\Desktop\EverestPortable\App\EverestUltimate\everest.exe " = " D:\Users\Tomasz\Desktop\EverestPortable\App\EverestUltimate\everest.exe:*:Enabled:EverestUltimate "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
" W:\EverestPortable\App\EverestUltimate\everest.exe " = " W:\EverestPortable\App\EverestUltimate\everest.exe:*:Enabled:EverestUltimate "
" D:\Users\Tomasz\Desktop\EverestPortable\App\EverestUltimate\everest.exe " = " D:\Users\Tomasz\Desktop\EverestPortable\App\EverestUltimate\everest.exe:*:Enabled:EverestUltimate "

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe " %1 " %*

======List of files/folders created in the last 1 months======

2009-07-03 12:32:35 ----D---- C:\rsit
2009-07-01 07:26:42 ----D---- C:\Program Files (x86)\Tracker Checker 2
2009-06-26 15:05:28 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-06-26 15:05:22 ----D---- C:\ProgramData\Adobe
2009-06-26 15:05:12 ----D---- C:\Users\Tomasz\AppData\Roaming\Adobe
2009-06-24 14:38:09 ----D---- C:\Program Files (x86)\HijackThis
2009-06-24 09:27:26 ----D---- C:\Users\Tomasz\AppData\Roaming\Palettes
2009-06-24 09:27:00 ----A---- C:\Users\Tomasz\AppData\Roaming\Color.ini
2009-06-24 09:26:51 ----D---- C:\Users\Tomasz\AppData\Roaming\PaperTypes
2009-06-23 18:13:49 ----D---- C:\WTablet
2009-06-22 06:19:01 ----D---- C:\Program Files (x86)\VNC4
2009-06-21 17:51:00 ----D---- C:\ProgramData\PopCap Games
2009-06-19 16:07:47 ----A---- C:\plik.txt
2009-06-19 16:06:12 ----A---- C:\dane.txt
2009-06-18 14:41:43 ----D---- C:\Program Files (x86)\Common Files\Adobe-BackupByPhotoshopPortable
2009-06-18 07:14:54 ----D---- C:\Users\Tomasz\AppData\Roaming\Adobe-BackupByPhotoshopPortable
2009-06-17 14:08:02 ----D---- C:\ProgramData\Apple Computer
2009-06-17 14:08:02 ----D---- C:\Program Files (x86)\QuickTime
2009-06-17 14:07:37 ----D---- C:\Program Files (x86)\Apple Software Update
2009-06-17 14:07:36 ----D---- C:\ProgramData\Apple
2009-06-15 18:09:02 ----D---- C:\Users\Tomasz\AppData\Roaming\FUJIFILM
2009-06-15 18:07:53 ----D---- C:\Program Files (x86)\FinePixViewer
2009-06-14 16:33:48 ----A---- C:\Windows\AwdSLP.exe
2009-06-14 16:29:19 ----D---- C:\Program Files (x86)\ASUSUpdate
2009-06-10 14:57:18 ----A---- C:\Windows\system32\EncDec.dll
2009-06-10 14:57:17 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-10 07:03:40 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 07:03:37 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 07:03:29 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 07:03:26 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 07:03:25 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 07:03:24 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 07:03:24 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 07:03:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 07:03:22 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 07:03:22 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 07:03:22 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 07:03:22 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 07:03:22 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-09 08:23:17 ----D---- C:\Program Files (x86)\WinRAR
2009-06-08 09:25:32 ----D---- C:\Users\Tomasz\AppData\Roaming\Pixmantec
2009-06-05 16:47:34 ----A---- C:\Windows\system32\vmnetdhcp.exe
2009-06-05 16:47:30 ----A---- C:\Windows\system32\vmnat.exe
2009-06-05 16:46:50 ----D---- C:\Program Files (x86)\VMware Player
2009-06-04 17:45:03 ----D---- C:\Users\Tomasz\AppData\Roaming\Ulead Systems
2009-06-04 17:10:33 ----D---- C:\ProgramData\InterVideo
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresizeW7.dll
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresizePX.dll
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresizeP6.dll
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresizeM6.dll
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresizeA6.dll
2009-06-04 17:10:30 ----A---- C:\Windows\system32\IVIresize.dll
2009-06-04 17:09:50 ----D---- C:\Program Files (x86)\Windows Media Components
2009-06-04 17:06:33 ----D---- C:\ProgramData\Ulead Systems
2009-06-04 17:06:33 ----D---- C:\Program Files (x86)\Common Files\Ulead Systems
2009-06-04 17:04:51 ----D---- C:\Program Files (x86)\Corel VideoStudio 12
2009-06-04 17:03:16 ----D---- C:\Program Files (x86)\Corel

======List of files/folders modified in the last 1 months======

2009-07-03 12:32:39 ----D---- C:\Windows\Prefetch
2009-07-03 12:32:38 ----D---- C:\Windows\Temp
2009-07-03 12:32:17 ----D---- C:\Users\Tomasz\AppData\Roaming\uTorrent
2009-07-03 12:28:52 ----D---- C:\Windows\System32
2009-07-03 12:28:52 ----D---- C:\Windows\inf
2009-07-03 11:50:35 ----D---- C:\Users\Tomasz\AppData\Roaming\Skype
2009-07-03 09:05:58 ----SHD---- C:\System Volume Information
2009-07-03 08:09:47 ----D---- C:\Users\Tomasz\AppData\Roaming\skypePM
2009-07-03 08:06:15 ----D---- C:\Users\Tomasz\AppData\Roaming\TeraCopy
2009-07-03 08:02:52 ----RD---- C:\Program Files (x86)
2009-07-02 14:38:04 ----D---- C:\Users\Tomasz\AppData\Roaming\WTablet
2009-07-02 14:07:45 ----D---- C:\ProgramData\VMware
2009-06-30 19:31:43 ----D---- C:\Users\Tomasz\AppData\Roaming\Thinstall
2009-06-30 12:35:04 ----D---- C:\Program Files (x86)\SekwanaOnline
2009-06-30 11:32:19 ----D---- C:\Users\Tomasz\AppData\Roaming\XnView
2009-06-30 07:11:29 ----SHD---- C:\Windows\Installer
2009-06-30 07:11:23 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-06-26 17:58:59 ----D---- C:\Windows\Microsoft.NET
2009-06-26 15:05:28 ----D---- C:\Program Files (x86)\Common Files
2009-06-26 15:05:22 ----HD---- C:\ProgramData
2009-06-26 10:37:21 ----D---- C:\Windows\Tasks
2009-06-25 03:00:17 ----D---- C:\Windows\winsxs
2009-06-25 03:00:16 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-24 07:34:36 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2009-06-22 12:51:11 ----D---- C:\Users\Tomasz\AppData\Roaming\Real
2009-06-19 13:12:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-06-19 13:12:30 ----RD---- C:\Program Files
2009-06-18 14:18:24 ----D---- C:\Windows
2009-06-17 14:08:03 ----D---- C:\Windows\SysWOW64
2009-06-17 08:45:10 ----D---- C:\Users\Tomasz\AppData\Roaming\VMware
2009-06-14 16:00:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-10 23:12:01 ----D---- C:\Program Files (x86)\EVGA Precision
2009-06-10 16:56:50 ----RSD---- C:\Windows\assembly
2009-06-10 15:47:12 ----D---- C:\Users\Tomasz\AppData\Roaming\Neverball
2009-06-10 15:13:05 ----D---- C:\Windows\system32\migration
2009-06-10 15:13:03 ----D---- C:\Windows\ehome
2009-06-10 15:03:42 ----D---- C:\ProgramData\Microsoft Help
2009-06-10 15:01:08 ----D---- C:\Windows\Debug
2009-06-05 16:47:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-05 16:46:58 ----D---- C:\Windows\system32\drivers
2009-06-04 17:34:58 ----D---- C:\Program Files (x86)\DriveImage XML
2009-06-04 17:09:27 ----RSD---- C:\Windows\Fonts
2009-06-04 15:32:28 ----D---- C:\Users\Tomasz\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; SysWow64\drivers\AsIO.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 truecrypt;truecrypt; SysWOW64\drivers\truecrypt.sys []
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware Player\vstor2-ws60.sys [2008-10-02 32816]
R3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Urz1dzenie Bluetooth (sieae osobista); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla us3ugi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys []
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Urz1dzenie Bluetooth (Protokó3 TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 usbaudio;Sterownik audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys []
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys []
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys []
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S2 windrvNT;windrvNT; \??\C:\Windows\system32\windrvNT.sys [2009-05-09 35363]
S3 61883;Urz1dzenie jednostkowe 61883; C:\Windows\system32\DRIVERS\61883.sys []
S3 af8miw53;af8miw53; C:\Windows\system32\drivers\af8miw53.sys []
S3 Avc;Urz1dzenie AVC; C:\Windows\system32\DRIVERS\avc.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 btnetBUs;IVT Bluetooth Bus Service for BtNic; C:\Windows\System32\Drivers\btnetBus.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2004-06-22 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\Users\Tomasz\Desktop\EverestPortable\App\EverestUltimate\kerneld.amd64 [2009-05-25 25216]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 gwiopm;gwiopm; \??\C:\Program Files (x86)\Unknown Device Identifier\gwiopm.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 MSKSSRV;Serwer proxy us3ugi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Serwer proxy mened?era jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys []
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys []
S3 WinRing0_1_0_1;WinRing0_1_0_1; \??\D:\Users\Tomasz\Desktop\MEMSET\MemSet\WinRing0x64.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2007-09-04 571160]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\x86\ekrn.exe [2009-02-06 727720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-07-01 1029456]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 187416]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe []
R2 USBDLM;USBDLM; C:\Program Files (x86)\USBDLM\USBDLM.exe [2008-12-03 157184]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware Player\vmware-authd.exe [2008-10-28 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-28 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-28 399920]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216]
R2 XobniService;XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [2008-12-16 39936]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 pr2aqfgl;Tension Drivers Auto Removal (pr2aqfgl); C:\Windows\system32\pr2aqfgl.exe svc []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe [2009-02-06 23296]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 fsssvc;Bezpieczenstwo rodzinne us3ugi Windows Live; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware Player\vmware-ufad.exe [2008-10-02 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 GoogleDesktopManager-092308-165331;Mened?er Google Desktop 5.8.809.23506; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-17 30192]

-----------------EOF-----------------

