Trojan backdoor i rootkit

**Posty:** 4 · przez **piotrek57** 30 Gru 2011, 23:49

Witam. Mam dwa trojany wykryte przez kasperskiego nie potrafi ich usunac.
Ponizej log z hijack
Macie jakies sugestie gdzie siedza te trojany?

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:33:43, on 2011-12-30 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ALMXPMGR.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Ashampoo PO Toolbar - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ALMXPMGR.EXE O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Ashampoo PO - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ashampoo PO Toolbar - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" /startup O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [CCUCSurrogate.exe] C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe h O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Usługa Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: CCAgent - Unknown owner - C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe O23 - Service: SIMATIC WinCC CCAlgIAlarmDataCollector (CCAlgIAlarmDataCollector) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCAlgIAlarmDataCollector.exe O23 - Service: SIMATIC WinCC CCAlgRtServer (CCAlgRtServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CcAlgRtServer.exe O23 - Service: CCArchiveConnMon - Unknown owner - C:\Program Files\Common Files\Siemens\bin\CCArchiveConnMon.exe O23 - Service: CCArchiveManagerService - SIEMENS AG - C:\Program Files\Common Files\Siemens\CommonArchiving\CCArchiveManager.exe O23 - Service: SIMATIC WinCC CCCSigRTServer (CCCSigRTServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCCSigRTServer.exe O23 - Service: CCDBUtils - Unknown owner - C:\Program Files\Common Files\Siemens\CommonArchiving\CCDBUtils.exe O23 - Service: SIMATIC WinCC CCDeltaLoader (CCDeltaLoader) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCDeltaLoader.exe O23 - Service: CCEClient - Unknown owner - C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe O23 - Service: CCEServer - Unknown owner - C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe O23 - Service: SIMATIC WinCC CCLBMRTServer (CCLBMRTServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCLBMRTServer.exe O23 - Service: SIMATIC WinCC License Service (CCLicenseService) - Unknown owner - C:\Program Files\Common Files\Siemens\bin\CCLicenseService.exe O23 - Service: SIMATIC WinCC CCNSInfo2Provider (CCNSInfo2Provider) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCNSInfo2Provider.exe O23 - Service: CCOPC.XMLWrapper - SIEMENS AG - C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\DA2XML.exe O23 - Service: SIMATIC WinCC CCPackageMgr (CCPackageMgr) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCPackageMgr.exe O23 - Service: CCPerfMon - SIEMENS AG - C:\Program Files\Common Files\Siemens\bin\CCPerfMon.exe O23 - Service: SIMATIC WinCC CCProfileServer (CCProfileServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCProfileServer.exe O23 - Service: SIMATIC WinCC CCProjectMgr (CCProjectMgr) - Unknown owner - C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe O23 - Service: SIMATIC WinCC CCPtmRTServer (CCPtmRTServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCPtmRTServer.exe O23 - Service: CCRedundancyAgent-Service - SIEMENS AG - C:\Program Files\Common Files\Siemens\CommonArchiving\CCRedundancyAgent.exe O23 - Service: SIMATIC WinCC CCSsmRTServer (CCSsmRTServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCSsmRTServer.exe O23 - Service: SIMATIC WinCC TextServer (CCTextServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCTextServer.exe O23 - Service: SIMATIC WinCC CCTlgServer (CCTlgServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCTlgServer.exe O23 - Service: SIMATIC WinCC CCTMTimeSyncServer (CCTMTimeSyncServer) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCTMTimeSyncServer.exe O23 - Service: SIMATIC WinCC CCUsrAcv (CCUsrAcv) - SIEMENS AG - C:\Program Files\Siemens\WinCC\bin\CCUsrAcv.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - Unknown owner - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Unknown owner - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - Unknown owner - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: SQL Server (WINCC) (MSSQL$WINCC) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe O23 - Service: SQL Server (WINCCFLEXEXPRESS) (MSSQL$WINCCFLEXEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe O23 - Service: MSSQL$WINCCFLEXIBLE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\Opcenum.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: RedundancyControl - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe O23 - Service: RedundancyState - SIEMENS AG - C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: SIMATIC WinCC ReportScheduler (ReportScheduler) - SIEMENS AG - C:\Program Files\Siemens\WinCC\WebNavigator\DataMonitor\bin\ReportScheduler.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: S7 Global Services (s7asysvx) - Unknown owner - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - Unknown owner - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: S7TraceServiceX - Unknown owner - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe O23 - Service: SCSMonitor - Unknown owner - C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SIMATIC Logon Device Manager - Unknown owner - C:\Program Files\Siemens\SimaticLogon\sldm_x.exe O23 - Service: SIMATIC Logon Event Logging - Unknown owner - C:\Program Files\Siemens\SimaticLogon\sleventlogx.exe O23 - Service: SIMATIC Logon Service - Unknown owner - C:\Program Files\Siemens\SimaticLogon\logonsrv_x.exe O23 - Service: SIMATIC NET Route Manager (SIMATIC NET RouteManager) - Unknown owner - C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe O23 - Service: SIMATIC Logon Remote Access (SlraService) - Unknown owner - c:\program files\siemens\simaticlogon\slra_servicex.exe O23 - Service: SQL Server Agent (WINCC) (SQLAgent$WINCC) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe O23 - Service: SIMATIC Security Control Service (SSCService) - Unknown owner - C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe O23 - Service: SIMATIC NET Station Manager (StatMgr) - Unknown owner - C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) - Unknown owner - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TomTomHOMEService - Unknown owner - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe O23 - Service: XR_CCOPC.XMLWrapper - SIEMENS AG - C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\CCRT2XML.exe -- End of file - 19508 bytes

**Posty:** 12734 · przez **Mikou@j** 31 Gru 2011, 00:05

HT to staroć.
Przeczytaj obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html i zastosuj.
- 2 logi otl
- log gmer

**Posty:** 4 · przez **piotrek57** 31 Gru 2011, 12:36

OTLextras

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-12-31 11:23:30 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 77,66% Memory free 4,83 Gb Paging File | 4,14 Gb Available in Paging File | 85,79% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 292,05 Gb Total Space | 59,46 Gb Free Space | 20,36% Space Free | Partition Type: NTFS Computer Name: PZYTKOWSKINB | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect "4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management "102:TCP" = 102:TCP:LocalSubNet:Enabled:ISO-on-TCP "4845:TCP" = 4845:TCP:LocalSubNet:Enabled:OPC UA S7 server "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3050:TCP" = 3050:TCP:*:Enabled:FIRE "3050:UDP" = 3050:UDP:*:Enabled:fire [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- () "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe" = C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe:*:Enabled:Adaptive Server Anywhere Network Server -- (iAnywhere Solutions, Inc.) "C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe" = C:\Program Files\Siemens\Step7\S7BIN\S7tgtopx.exe:*:Enabled:SIEMENS STEP7 SIMATIC Manager -- (SIEMENS AG) "C:\Program Files\Siemens\Step7\S7INF\S7usiapx.exe" = C:\Program Files\Siemens\Step7\S7INF\S7usiapx.exe:*:Enabled:SIEMENS STEP7 S7InfoBox -- (SIEMENS AG) "C:\WINDOWS\system32\s7otbxsx.exe" = C:\WINDOWS\system32\s7otbxsx.exe:*:Enabled:SIEMENS STEP7 Block Administration -- (SIEMENS AG) "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe" = C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe:*:Enabled:SIMATIC WinCC flexible 2008 Application -- (SIEMENS AG) "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe" = C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe:*:Enabled:SIMATIC WinCC flexible 2008 Trace Server -- (SIEMENS AG) "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\Miniweb.exe" = C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\Miniweb.exe:*:Disabled:WinCC flexible RT Module MiniWeb -- (Siemens AG) "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe" = C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe:*:Disabled:WinCC flexible RT Module SmartServer -- (Siemens AG) "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\HmiLoad.exe" = C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\HmiLoad.exe:*:Enabled:WinCC flexible RT Module HmiLoad -- (Siemens AG) "C:\Program Files\Siemens\SIMATIC.NET\simnetcom\pniopcac.exe" = C:\Program Files\Siemens\SIMATIC.NET\simnetcom\pniopcac.exe:LocalSubNet:Enabled:SIMATIC NET PROFINET IO "C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- () "C:\Program Files\Firebird\Firebird_2_0\bin\isql.exe" = C:\Program Files\Firebird\Firebird_2_0\bin\isql.exe:*:Enabled:Firebird ISQL Tool -- (FirebirdSQL Project) "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- () "C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe:*:Disabled:ArchiCAD 14.0 -- (Graphisoft R&D) "C:\Documents and Settings\Piotr\Dane aplikacji\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Piotr\Dane aplikacji\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Siemens\ConnectivityStation\OPC\dataaccess\bin\sopcdasvrconn.exe" = C:\Program Files\Siemens\ConnectivityStation\OPC\dataaccess\bin\sopcdasvrconn.exe:LocalSubNet:Enabled:SIMATIC WinCC Connectivity OPC DA Server -- (SIEMENS AG) "C:\Program Files\Siemens\ConnectivityStation\OPC\AlarmEvent\bin\sopcaesvrconn.exe" = C:\Program Files\Siemens\ConnectivityStation\OPC\AlarmEvent\bin\sopcaesvrconn.exe:LocalSubNet:Enabled:SIMATIC WinCC Connectivity OPC AE Server -- (SIEMENS AG) "C:\Program Files\Siemens\ConnectivityStation\OPC\HistDataAccess\bin\sopchdasvrconn.exe" = C:\Program Files\Siemens\ConnectivityStation\OPC\HistDataAccess\bin\sopchdasvrconn.exe:LocalSubNet:Enabled:SIMATIC WinCC Connectivity OPC HDA Server -- (SIEMENS AG) "C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe" = C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe:LocalSubNet:Enabled:Automation License Manager Service -- (SIEMENS AG) "C:\Program Files\Common Files\Siemens\ACE\Bin\CCAgent.exe" = C:\Program Files\Common Files\Siemens\ACE\Bin\CCAgent.exe:LocalSubNet:Enabled:CCAgent -- () "C:\Program Files\Common Files\Siemens\ACE\Bin\RedundancyControl.exe" = C:\Program Files\Common Files\Siemens\ACE\Bin\RedundancyControl.exe:LocalSubNet:Enabled:RedundancyControl -- (SIEMENS AG) "C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe" = C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe:LocalSubNet:Enabled:CCEServer -- () "C:\Program Files\Siemens\SimaticLogon\logonsrv_x.exe" = C:\Program Files\Siemens\SimaticLogon\logonsrv_x.exe:LocalSubNet:Enabled:SIMATIC Logon Service -- () "C:\Program Files\Siemens\SimaticLogon\slra_servicex.exe" = C:\Program Files\Siemens\SimaticLogon\slra_servicex.exe:LocalSubNet:Enabled:SIMATIC Logon Remote Access Service -- () "c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" = c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe:LocalSubNet:Enabled:SQLServer 2005 -- () "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" = c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:LocalSubNet:Enabled:SQLBrowser -- () "C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe" = C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe:LocalSubNet:Enabled:WinCC ProjectManager -- () "C:\Program Files\Siemens\WinCC\bin\CCOnlCmp.exe" = C:\Program Files\Siemens\WinCC\bin\CCOnlCmp.exe:LocalSubNet:Enabled:WinCC Online Compare -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\bin\CCRtsLoader.exe" = C:\Program Files\Siemens\WinCC\bin\CCRtsLoader.exe:LocalSubNet:Enabled:WinCC Datamanager -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\bin\CCUAEditor.exe" = C:\Program Files\Siemens\WinCC\bin\CCUAEditor.exe:LocalSubNet:Enabled:SIMATIC WinCC User Archive Editor -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\bin\CCUsrAcv.exe" = C:\Program Files\Siemens\WinCC\bin\CCUsrAcv.exe:LocalSubNet:Enabled:SIMATIC WinCC User Archive Server -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\OPC\dataaccess\bin\sopcsrvrwincc.exe" = C:\Program Files\Siemens\WinCC\OPC\dataaccess\bin\sopcsrvrwincc.exe:LocalSubNet:Enabled:SIMATIC WinCC OPC DA Server -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\OPC\AlarmEvent\bin\sopcaesrvrwincc.exe" = C:\Program Files\Siemens\WinCC\OPC\AlarmEvent\bin\sopcaesrvrwincc.exe:LocalSubNet:Enabled:SIMATIC WinCC OPC AE Server -- (SIEMENS AG) "C:\Program Files\Siemens\WinCC\OPC\HistDataAccess\bin\sopchdasrvrwincc.exe" = C:\Program Files\Siemens\WinCC\OPC\HistDataAccess\bin\sopchdasrvrwincc.exe:LocalSubNet:Enabled:SIMATIC WinCC OPC HDA Server -- (SIEMENS AG) "C:\WINDOWS\system32\OpcEnum.exe" = C:\WINDOWS\system32\OpcEnum.exe:LocalSubNet:Enabled:SIMATIC WinCC OPC Server Enumerator -- (OPC Foundation) "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0576A3D0-0000-0409-0000-491C453655D7}" = Autodesk Volo View 3.0 "{06960058-76A9-405D-8833-6D38BFC66979}" = OPC .NET API 2.00 Redistributables "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA "{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility "{0F04A935-0636-F59C-EECE-C1B4B2F9486A}" = Catalyst Control Center Localization Portuguese "{11874803-AD19-9C41-DB63-D9CE54DF49B0}" = Catalyst Control Center Core Implementation "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility "{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005 (WINCC) "{1433D04A-BEB4-89D0-FE70-8F650E2E79D3}" = Catalyst Control Center Graphics Full New "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools "{1E3B4B32-FFE5-289A-8A84-ED9DE7F85F43}" = CCC Help Spanish "{1E8250AD-CC1B-43A4-9E75-321806D6F256}" = WinCC flexible Graphics "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{212BE8AD-B0AA-4891-82A9-1B476C913567}" = SIMATIC WinCC/DataMonitor Server V7.0 + SP2 + Upd5 "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{23C4B712-55F1-9053-B1DD-38E1E5BA218B}" = CCC Help Chinese Traditional "{243DCA27-4D10-6739-25D3-898E82241F2A}" = Catalyst Control Center Graphics Full Existing "{25EEB51E-7DB8-464D-AE46-1C8C74F73035}" = Catalyst Control Center - Branding "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 25 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{27B3563C-561C-4924-8C0E-EA102264873F}" = Windows Server 2003 Service Pack 1 Administration Tools Pack "{29B175CB-FF74-3F7F-3EF1-70E475D19C56}" = CCC Help Italian "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (WINCCFLEXEXPRESS) "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33DDBCDC-8972-D771-D584-35AB7A289FDB}" = CCC Help Japanese "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{372F9D94-A514-E875-2519-93E075144313}" = Catalyst Control Center Graphics Light "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{3C30CDB4-AB26-46A9-881D-9E59C25CECC7}" = SIMATIC WinCC/Diagnostics Client V7.0 + SP2 + Upd5 "{3D193C96-4496-F489-AE54-4A626F8E22DB}" = Skins "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FB8ED5D-85B3-45DB-837D-43C1F52A6E95}" = SIMATIC WinCC/WebNavigator Server V7.0 + SP2 + Upd5 "{42590FE2-6BD0-429E-8F83-B490B5E51564}" = Simatic WinCC flexible 2008 SP2 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4780F600-0001-0409-0000-114715ACF216}" = Autodesk Inventor Plug-In 8.0 "{49517270-FA8C-DCBB-4D7A-8D88A6982385}" = Catalyst Control Center Localization French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A427FA3-3B20-43B6-8EF6-FD3037E016DE}" = SIMATIC OPC-XML-Gateway V1.3 + SP 2 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{5A8D8518-442F-2724-ADAA-30965B21A45D}" = ccc-utility "{5CAA6BA8-EED0-DFDE-E7F9-C9A2BFE1EB27}" = CCC Help French "{5D71183A-1272-65D0-D371-4FAF297A4089}" = CCC Help Portuguese "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{6271E4B9-5590-42A7-9D2F-54909BC25055}_is1" = RMF FM Miasto Muzyki 1.11 "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{6EBF5C73-D05A-485D-AB60-E557F9947359}" = Oracle VM VirtualBox 3.2.10 "{6EF53F87-4D51-2A62-AF84-0AB7FA7947AC}" = CCC Help Korean "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72005434-30E9-49D9-A5E4-D1AE5D34DB71}" = Windows Live Toolbar "{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{75F9DAD1-792C-44E9-B48B-2E22C76E0CBF}" = OPC Core Components Redistributable "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation "{7D023852-B741-4AB8-A3D9-5D38DC0AB2CF}" = SIMATIC WinCC/DataMonitor Client V7.0 + SP2 + Upd5 "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{8161436D-69A9-C339-AF7E-0EEF22050BEC}" = Catalyst Control Center Localization German "{8180ECD7-7DFB-4BD5-A596-A34DBC746A7A}_is1" = PowerTrader "{83472E15-07EC-438C-8327-A51DC06825E2}" = SIMATIC S7-PCT V2.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{850F51E1-0EB0-379F-0500-9125B3597D71}" = Catalyst Control Center Localization Chinese Traditional "{85AC0FFA-643D-3103-9310-7086ECB0C36C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA "{86BEA58B-200B-03FA-CDB6-4DFCFAF0F229}" = Catalyst Control Center Localization Japanese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8C5A7B12-D31A-41F8-9629-CF7DC2D85C97}" = SIMATIC WinCC/Excel Workbook V7.0 + SP2 + Upd5 "{8D1882ED-71C1-4AAD-F353-16653ECBAE8B}" = ccc-core-preinstall "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_PROHYBRIDR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_PROHYBRIDR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_PROHYBRIDR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core "{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - English "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9166469E-024C-44C5-88B4-0E74F6E9C791}" = SIMATIC WinCC Smart Tools V7.0 + SP2 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn "{93B0834E-6580-2A70-2A9E-FEA5B6710947}" = Catalyst Control Center Localization Dutch "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9D8DA9A0-67B7-44DB-A0C3-2D1DC6880B71}" = OPC .NET API 2.00 Redistributables (x86) 101.0 "{9DD91CFC-FF8F-5325-FC36-6F6DD7DF441B}" = Catalyst Control Center Localization Korean "{9E602D98-A719-4810-9BAC-4C6935E84730}" = Configure_Website "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{9FB0C5A0-E903-46B1-916C-20B71DEB49B2}" = Open Communication Wizard "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish "{AE6619AE-98D0-A626-6027-53B02715660E}" = Catalyst Control Center Localization Spanish "{AEB50D79-B132-1F6B-5451-5358CBBE8610}" = CCC Help Swedish "{AFF51EB6-32A5-4B28-B52F-E2F4101C39B4}" = SIMATIC WinCC/ConnectivityPack Client V7.0 + SP2 + Upd5 "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B440401C-4804-4F2D-998C-ACF5FC83DA5F}" = SIMATIC S7-PLCSIM V5.4 + SP1 "{B4938B26-C719-4AAF-A63C-15AF6AC210BE}" = SIMATIC WinCC flexible Runtime 2008 SP2 "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B7C49652-368E-45A8-8DDC-A4A118DCE28E}" = SIMATIC AS-OS-Engineering V7.1 + SP2 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB909E16-4003-403D-AC77-CF7980CC0369}" = SIMATIC WinCC/ConnectivityPack Server V7.0 + SP2 + Upd5 "{BB982A64-8E9A-0ACD-1012-87BB28DAF283}" = ccc-core-static "{BC4802BA-C0B8-4898-ABAA-A408FFA25A2A}" = SIMATIC STEP 7 V5.4 + SP5 "{BC85DD5F-1E88-4E38-B77F-0371DFD41045}" = Nero 7 Demo "{BD156B13-8292-804E-B048-7E6CAEB10ECF}" = CCC Help German "{BDACEB08-760A-92DD-69D4-92BDEC0EE2F9}" = Catalyst Control Center Localization Swedish "{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ESN "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1A524F4-E6D2-43B0-A118-19AD2BB1065B}" = SIMATIC MS Update V1.0 + SP1 "{C1E75066-1CED-7D2F-0515-ED42D98030C7}" = CCC Help Chinese Standard "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C5676439-FDE1-4C87-89FD-2189B30EF625}" = SIMATIC WinCC Runtime V7.0 + SP2 + Upd5 "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CCC01ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Device Drivers "{CCC01EDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC NET Softnet PROFIBUS "{CCC02ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC LanguageSupportTool "{CCC02EDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Runtime Manager "{CCC02FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI Symbol Library "{CCC03CDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC SCS "{CCC04CDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Security Control "{CCC04FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMOTION OPC File Manager "{CCC07ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Version View "{CCC15FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI ProSave "{CCC16FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible OCX "{CCC22FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI License Manager Panel Plugin "{CCC59FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible Tag Simulator "{CCC60FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible Simulator "{CD401C93-2341-45EE-B232-6C1FB9735F1E}" = WinCC Connectivity Station V7.0 + SP2 + Upd1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D0579B26-18EC-9B6A-8559-FDA7FAD80044}" = CCC Help Dutch "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D07F643E-A9AC-4170-95CD-E046F227622C}" = SIMATIC WinCC OPC Server V3.8 + HF3 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2F6EC74-1420-4E07-80F3-DC0B7FD7893A}" = SIMATIC WinCC/Excel Workbook Wizard V7.0 + SP2 + Upd5 "{D3E09F77-363F-425E-8E5D-ADD88CC545F9}" = Socrates 102 "{D3FA739F-B301-480A-B791-36BFBCB5241C}" = CodeMeter Runtime Kit v4.20 "{D430A2CA-5814-4E83-B5FF-BB616CFFC0AB}" = USB DataTransfer Driver "{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation "{D92C3C62-2935-DFC2-DC8F-C481BAA96D70}" = Catalyst Control Center Localization Italian "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (WinCCflexible) "{E3B77075-AB22-444A-842B-718EEDFC65D0}" = SIMATIC WinCC Configuration V7.0 + SP2 + Upd5 "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E783B2AD-7312-45DC-B50C-B973FD143C5B}" = FlexFDT Basic FlexProgram Package "{E85D273D-7191-4232-99C8-FA1703A384D1}" = Siemens Automation License Manager V5.0 + SP1 "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{E9DD8350-836D-4DF8-9291-621DBD91DAB3}" = Prosave V7.4 incl. SP6 "{E9FEC9C7-A875-48C5-B007-2C40A4F771A7}" = SIMATIC Logon V1.4 + SP3 "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ECB6B9FC-22AB-11D5-93A0-000102DD43D4}" = SIMATIC NET, PC Software, Edition 2008 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F1A02F9C-B331-47B6-8EDB-29CDB443EB37}" = PKZIP Server for Windows 12.00.0014 "{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi "{F689A86F-D13C-F60C-374D-1FB8A3CDE201}" = Catalyst Control Center Localization Chinese Standard "{F7982DB6-2F63-F1BE-EBC6-46BC385D5CEB}" = CCC Help English "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "001FFF1FFF14FF00FF1801F02F02F000-R1" = ArchiCAD 14 POL "05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem (10/05/2009 4.2) "3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Pakiet sterowników systemu Windows - FTDI CDM Driver Package (10/22/2009 2.06.00) "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "88EB56038379B8B7DCFB4D2448A60F52E064B265" = Pakiet sterowników systemu Windows - FTDI CDM Driver Package (10/22/2009 2.06.00) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.4) "AC3Filter" = AC3Filter (remove only) "AceMoney Lite_is1" = AceMoney Lite "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ALLPlayer V3.1_is1" = ALLPlayer V3.X "Ashampoo_PO Toolbar" = Ashampoo PO Toolbar "ATI Display Driver" = ATI Display Driver "AuthorsW" = SIMATIC AuthorsW V2.5 + ServicePack 1 "Belarc Advisor" = Belarc Advisor 8.1 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "deLight3D" = deLight3D 1.4.2 "Diagram Designer" = Diagram Designer "doPDF 6 printer_is1" = doPDF 6.1 printer "EHCOMM&10C4&8135" = Commubox FXA195 USB HART Modem "FBDBServer_2_0_is1" = Firebird 2.0.0 "ffdshow_is1" = ffdshow [rev 2094] [2008-08-30] "FWOCX" = SIMATIC ProTool/Pro V6.0 Common Files + ServicePack 2 "Gadu-Gadu" = Gadu-Gadu 7.7 "HECI" = Intel(R) Management Engine Interface "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer cenzura! Program 11.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{42590FE2-6BD0-429E-8F83-B490B5E51564}" = SIMATIC WinCC flexible 2008 SP2 "InstallShield_{D3E09F77-363F-425E-8E5D-ADD88CC545F9}" = Socrates 102 "InstallShield_{E783B2AD-7312-45DC-B50C-B973FD143C5B}" = FlexFDT Basic FlexProgram Package "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "ITPM" = Intel® Trusted Platform Module "Kalkulator inwestora_is1" = Kalkulator inwestora "KalkulatorMB" = KalkulatorMB "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mobile Partner" = Mobile Partner "Moje życie na farmie" = Moje życie na farmie "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24) "MWSnap 3" = MWSnap 3 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NORD CON 1.27" = NORD CON 1.27 "NSP_2011_is1" = NSP 2011 2.0.4 "OnScreenDisplay" = On Screen Display "PCMCIAPW" = ThinkPad PC Card Power Policy "Picasa 3" = Picasa 3 "PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.6.20 "Power Management Driver" = ThinkPad Power Management Driver "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "RealAlt_is1" = Real Alternative 2.0.2 "Shop for HP Supplies" = Shop for HP Supplies "SIMATIC ProTool/Pro CS V6.0" = SIMATIC ProTool/Pro CS V6.0 + ServicePack 2 "SIMATIC ProTool/Pro RT V6.0" = SIMATIC ProTool/Pro RT V6.0 + ServicePack 2 "SkanerOnline" = Skaner on-line mks_vir "TeamViewer 5" = TeamViewer 5 "TeamViewer 7" = TeamViewer 7 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TomTom HOME" = TomTom HOME 2.8.2.2264 "Totalcmd" = Total Commander (Remove or Repair) "VBSdoc" = VBScript Documentation "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Web Navigator Plugin Builder" = SIMATIC WinCC Web Navigator Plug-In Builder V7.0 "Winamp" = Winamp "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Winmail Opener" = Winmail Opener 1.4 "WMCSetup" = Windows Media Connect "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "n3max_mbank_is1" = mStatica 3 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-12-30 18:48:35 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca OTL.exe, wersja 3.2.31.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 18:50:46 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca uydttzjk.exe, wersja 1.0.15.15641, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 18:52:58 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca uydttzjk.exe, wersja 1.0.15.15641, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 18:55:13 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca uydttzjk.exe, wersja 1.0.15.15641, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 18:55:16 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca uydttzjk.exe, wersja 1.0.15.15641, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 18:57:17 | Computer Name = PZYTKOWSKINB | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca uydttzjk.exe, wersja 1.0.15.15641, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-30 19:18:21 | Computer Name = PZYTKOWSKINB | Source = MSMQ | ID = 2059 Description = Nie można użyć usługi RPC z protokołem TCP/IP. W rezultacie Usługa kolejkowania wiadomości nie może komunikować się z innymi komputerami. Error - 2011-12-30 19:18:24 | Computer Name = PZYTKOWSKINB | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2011-12-31 06:16:32 | Computer Name = PZYTKOWSKINB | Source = MSMQ | ID = 2059 Description = Nie można użyć usługi RPC z protokołem TCP/IP. W rezultacie Usługa kolejkowania wiadomości nie może komunikować się z innymi komputerami. Error - 2011-12-31 06:16:38 | Computer Name = PZYTKOWSKINB | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. [ Lenovo-Message Center Plus/Admin Events ] Error - 2010-11-12 06:09:32 | Computer Name = PZYTKOWSKINB | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object. Error - 2010-11-12 10:25:22 | Computer Name = PZYTKOWSKINB | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object. Error - 2010-11-25 10:14:30 | Computer Name = PZYTKOWSKINB | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object. [ System Events ] Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SIMATIC NET Station Manager z powodu następującego błędu: %%299 Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%299” podczas próby uruchomienia usługi CCProjectMgr z argumentami „-Service” w celu uruchomienia serwera: {803F60A5-2F4B-11D1-8DE0-00A0247305D1} Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SIMATIC WinCC CCProjectMgr z powodu następującego błędu: %%299 Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi SQL Server (WINCCFLEXEXPRESS) z powodu następującego błędu: %%299 Error - 2011-12-31 06:18:11 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-12-31 06:18:15 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-12-31 06:18:17 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-12-31 06:18:17 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-12-31 06:18:42 | Computer Name = PZYTKOWSKINB | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 [ WinCCLog Events ] Error - 2011-10-28 09:03:41 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 10/28/2011 3:03:41 PM Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-10-31 18:13:50 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-10-31 23:13:49 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 03:21:04 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 08:21:02 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 04:34:47 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 09:34:46 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 04:45:14 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 09:45:13 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 07:03:13 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 12:03:13 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 07:51:52 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 12:51:51 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 08:23:41 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 13:23:40 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-10 17:02:01 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-10 22:02:01 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) Error - 2011-11-12 05:25:30 | Computer Name = PZYTKOWSKINB | Source = SystemDiagnosis.DiagnosisClasses | ID = 0 Description = General Information ------------------------------- Machine Name: PZYTKOWSKINB Time Stamp: 2011-11-12 10:25:27 Windows Identity:PZYTKOWSKINB\Piotr Exception Information ---------------------------------- Message: Nie można nawiązać połączenia, ponieważ komputer docelowy aktywnie go odmawia 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException HelpLink: NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) StackTrace Information ------------------------------------------- Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping() at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid) < End of report >

Dodano Dzisiaj, 11:36:
OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2011-12-31 11:23:30 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 77,66% Memory free 4,83 Gb Paging File | 4,14 Gb Available in Paging File | 85,79% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 292,05 Gb Total Space | 59,46 Gb Free Space | 20,36% Space Free | Partition Type: NTFS Computer Name: PZYTKOWSKINB | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-12-30 23:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe PRC - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2011-12-28 20:06:15 | 001,102,848 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe PRC - [2011-07-28 22:46:12 | 000,227,840 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe PRC - [2011-04-30 02:07:12 | 000,138,752 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\system32\AlmXpmgr.exe PRC - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2010-05-06 11:14:54 | 000,358,400 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe PRC - [2010-04-20 02:38:42 | 000,118,784 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe PRC - [2009-04-17 13:22:32 | 000,610,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcFnF5.exe PRC - [2009-04-14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009-03-13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009-03-11 04:13:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2009-03-09 21:10:06 | 000,102,453 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe PRC - [2009-02-02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2008-08-01 22:01:54 | 000,077,824 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\TraceServer.exe PRC - [2008-08-01 21:56:34 | 000,032,768 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2007-04-02 17:51:56 | 000,083,512 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe MOD - [2011-10-12 07:53:22 | 000,593,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\8acd508fd65801747e89bb5ab7e981e4\System.Messaging.ni.dll MOD - [2011-10-12 07:45:49 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll MOD - [2011-10-12 07:45:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011-10-12 07:44:20 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll MOD - [2011-10-12 07:44:05 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll MOD - [2011-10-12 07:43:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll MOD - [2011-10-12 07:36:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011-10-12 07:36:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011-10-12 07:36:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011-10-12 07:36:12 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll MOD - [2011-10-12 07:35:45 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011-10-12 07:35:29 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011-10-12 07:35:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011-10-12 07:35:07 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011-10-12 07:35:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011-10-12 07:34:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011-10-12 07:33:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011-04-24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll MOD - [2011-04-24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll MOD - [2011-04-24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll MOD - [2011-04-24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll MOD - [2011-04-24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll MOD - [2011-04-24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll MOD - [2011-04-20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll MOD - [2010-09-23 07:24:43 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2010-09-20 10:01:47 | 001,683,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010-09-20 10:01:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010-09-20 10:01:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010-09-20 10:01:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,806,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010-09-20 10:01:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010-09-20 10:01:42 | 000,221,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010-09-20 10:01:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010-09-20 10:01:42 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010-09-20 10:01:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010-09-20 10:01:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010-09-20 10:01:40 | 000,991,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010-09-20 10:01:40 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010-09-20 10:01:40 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010-09-20 10:01:40 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll MOD - [2010-09-20 10:01:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010-09-20 10:01:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010-09-20 10:01:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010-09-20 10:01:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010-09-20 10:01:40 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010-03-09 03:01:18 | 000,859,648 | ---- | M] () -- C:\Program Files\Common Files\Siemens\SWS\plugins\scp\scpwin32.dll MOD - [2009-04-17 13:39:06 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\F5Res.dll MOD - [2009-04-17 13:39:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll MOD - [2009-04-17 13:11:40 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcBcon.dll MOD - [2009-04-16 05:39:38 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL MOD - [2009-04-16 05:39:38 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL MOD - [2009-03-18 22:34:40 | 000,196,608 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2009-02-27 09:22:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008-08-01 21:51:12 | 000,015,872 | ---- | M] () -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Common.Base.LicUtil.dll MOD - [2008-06-20 17:04:23 | 000,246,784 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2006-06-16 12:49:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Extern\Browser.dll MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-12-28 21:54:42 | 002,836,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\logonsrv_x.exe -- (SIMATIC Logon Service) SRV - [2011-12-28 21:54:41 | 001,401,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe -- (CCProjectMgr) SRV - [2011-12-28 21:54:41 | 000,466,944 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2011-12-28 21:54:41 | 000,250,880 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe -- (CCEClient) SRV - [2011-12-28 21:54:41 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011-12-28 21:54:41 | 000,056,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011-12-28 21:54:40 | 009,158,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe -- (MSSQL$WINCCFLEXIBLE) SRV - [2011-12-28 21:54:40 | 000,909,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2011-12-28 21:54:06 | 002,978,816 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011-12-28 21:54:06 | 000,505,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\S7wnrmsx\s7wnrmsx.exe -- (SIMATIC NET RouteManager) SRV - [2011-12-28 21:54:06 | 000,360,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor) SRV - [2011-12-28 21:54:04 | 002,006,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2011-12-28 21:53:58 | 000,039,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011-12-28 21:53:57 | 000,077,824 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2011-12-28 21:53:56 | 000,432,128 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\BIN\CCLicenseService.exe -- (CCLicenseService) SRV - [2011-12-28 20:33:29 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2011-12-28 20:33:28 | 000,086,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011-12-28 20:33:27 | 000,745,472 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2011-12-28 20:33:27 | 000,348,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe -- (SSCService) SRV - [2011-12-28 20:33:26 | 000,080,896 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011-12-28 20:33:25 | 000,232,960 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011-12-28 20:33:24 | 002,014,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\sleventlogx.exe -- (SIMATIC Logon Event Logging) SRV - [2011-12-28 20:33:23 | 001,311,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\sldm_x.exe -- (SIMATIC Logon Device Manager) SRV - [2011-12-28 20:33:22 | 001,572,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx) SRV - [2011-12-28 20:33:22 | 000,237,568 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX) SRV - [2011-12-28 20:33:21 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe -- (s7asysvx) SRV - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011-12-28 20:33:15 | 000,106,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2011-12-28 20:33:13 | 000,864,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2011-12-28 20:32:44 | 000,204,288 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Siemens\SimaticLogon\slra_servicex.exe -- (SlraService) SRV - [2011-12-28 20:32:43 | 000,154,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe -- (SCSMonitor) SRV - [2011-12-28 20:21:28 | 029,256,704 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$WINCC) SQL Server (WINCC) SRV - [2011-12-28 20:19:25 | 000,231,424 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe -- (CCEServer) SRV - [2011-12-28 20:14:38 | 029,287,424 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$WINCCFLEXEXPRESS) SQL Server (WINCCFLEXEXPRESS) SRV - [2011-12-28 20:08:39 | 001,050,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmsx.exe -- (StatMgr) SRV - [2011-12-28 20:08:37 | 000,347,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\CCAgent.exe -- (CCAgent) SRV - [2011-12-28 20:08:25 | 001,990,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2011-12-28 20:06:47 | 000,339,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2011-12-28 20:06:44 | 000,217,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2011-12-28 20:06:43 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2011-12-28 20:06:41 | 000,339,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLAgent$WINCC) SQL Server Agent (WINCC) SRV - [2011-12-28 20:06:39 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2011-12-28 20:06:32 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\CommonArchiving\CCDBUtils.exe -- (CCDBUtils) SRV - [2011-12-28 20:06:28 | 000,254,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\bin\CCArchiveConnMon.exe -- (CCArchiveConnMon) SRV - [2011-12-28 20:06:15 | 001,102,848 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe -- (almservice) SRV - [2011-08-31 23:26:34 | 000,666,624 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\WebNavigator\DataMonitor\bin\ReportScheduler.exe -- (ReportScheduler) SRV - [2011-08-12 13:11:10 | 000,856,064 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\commonarchiving\CCRedundancyAgent.exe -- (CCRedundancyAgent-Service) SRV - [2011-08-12 13:08:54 | 000,733,184 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\commonarchiving\CCArchiveManager.exe -- (CCArchiveManagerService) SRV - [2011-07-28 22:54:44 | 000,304,128 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCSsmRTServer.exe -- (CCSsmRTServer) SRV - [2011-07-28 22:46:04 | 000,071,168 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCProfileServer.exe -- (CCProfileServer) SRV - [2011-07-28 22:44:14 | 000,360,960 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCAlgIAlarmDataCollector.exe -- (CCAlgIAlarmDataCollector) SRV - [2011-07-28 22:38:08 | 000,372,224 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTextServer.exe -- (CCTextServer) SRV - [2011-07-28 22:36:48 | 001,278,976 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCUsrAcv.exe -- (CCUsrAcv) SRV - [2011-07-28 22:22:58 | 000,448,512 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCPackageMgr.exe -- (CCPackageMgr) SRV - [2011-07-28 22:22:32 | 000,743,936 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCDeltaLoader.exe -- (CCDeltaLoader) SRV - [2011-07-28 22:21:58 | 000,280,576 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTMTimeSyncServer.exe -- (CCTMTimeSyncServer) SRV - [2011-07-28 22:21:08 | 000,645,120 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCNSInfo2Provider.exe -- (CCNSInfo2Provider) SRV - [2011-07-28 22:20:26 | 000,180,736 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCLBMRTServer.exe -- (CCLBMRTServer) SRV - [2011-07-28 22:20:08 | 000,424,448 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCCSigRTServer.exe -- (CCCSigRTServer) SRV - [2011-07-28 22:19:26 | 000,316,416 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCPtmRTServer.exe -- (CCPtmRTServer) SRV - [2011-06-30 12:32:22 | 000,201,728 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe -- (RedundancyState) SRV - [2011-06-30 12:32:14 | 000,472,576 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe -- (RedundancyControl) SRV - [2011-05-13 15:17:34 | 000,660,480 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\BIN\CCPerfMon.exe -- (CCPerfMon) SRV - [2011-04-30 02:18:10 | 000,098,816 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CcAlgRtServer.exe -- (CCAlgRtServer) SRV - [2011-04-30 02:09:00 | 000,069,120 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTlgServer.exe -- (CCTlgServer) SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010-08-16 16:53:36 | 000,173,568 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\CCRT2XML.exe -- (XR_CCOPC.XMLWrapper) SRV - [2010-08-16 16:52:34 | 000,326,656 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\DA2XML.exe -- (CCOPC.XMLWrapper) SRV - [2009-10-27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-02-05 02:04:08 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum) SRV - [2008-04-25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transport Protocol (SMTP) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2005-10-06 17:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-11 15:24:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2011-04-20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011-03-10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010-10-08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010-10-08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010-10-08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010-10-08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010-10-08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2010-06-22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010-06-07 08:44:26 | 000,508,416 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\s7otranx.sys -- (s7otranx) DRV - [2010-06-07 08:43:06 | 000,134,144 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S7osobux.sys -- (S7osobux) DRV - [2010-06-07 08:42:40 | 000,173,568 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\s7osmcax.sys -- (s7osmcax) DRV - [2010-06-07 08:40:34 | 000,031,744 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7opcsrtx.sys -- (S7opcsrtx) PROFINET IO RT-Protocol (LLDP) DRV - [2010-06-07 08:39:06 | 000,077,312 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\S7odpx2x.sys -- (s7odpx2x) DRV - [2010-04-08 10:15:56 | 000,012,112 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\fwkbdrtm.sys -- (fwkbdrtm) DRV - [2010-03-18 17:57:18 | 000,024,576 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oupc2x.sys -- (s7oupc2x) DRV - [2010-01-24 14:53:02 | 000,336,128 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO) DRV - [2010-01-09 17:21:58 | 000,028,331 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dpmtrcdd.sys -- (Dpmtrcdd) DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-10-22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009-10-22 16:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2009-10-06 10:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-10-06 10:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-10-06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-10-06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-10-06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009-10-06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-06-10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009-05-28 20:30:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2009-03-04 09:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009-02-24 18:39:58 | 000,073,088 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7snsrtx.sys -- (s7snsrtx) DRV - [2009-02-16 02:32:32 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2009-02-16 02:32:32 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009-02-16 02:32:32 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2009-02-16 02:32:32 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2009-02-16 02:32:30 | 000,991,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009-02-16 02:32:30 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009-02-06 04:39:02 | 000,809,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2009-01-28 16:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2009-01-28 16:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2008-11-25 16:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008-09-24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-21 21:00:52 | 000,064,286 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dpmcslv.sys -- (dpmcslv) DRV - [2008-08-21 19:40:34 | 000,023,808 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7sn2srtx.sys -- (s7sn2srtx) DRV - [2008-08-19 05:57:20 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-08-13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008-05-12 19:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2008-05-08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008-04-15 13:00:00 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008-04-09 11:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2008-04-09 11:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2008-04-09 11:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2008-03-26 05:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm) DRV - [2008-03-26 05:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008-03-17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-03-07 11:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008-02-27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt) DRV - [2008-02-22 14:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2008-02-15 10:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-11-29 09:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-07-30 03:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-07-30 02:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007-06-18 15:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2007-06-18 15:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007-06-18 15:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007-06-18 15:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007-06-18 15:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007-06-18 15:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007-06-18 15:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007-06-18 15:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007-02-08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007-02-08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005-09-28 16:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005-06-23 09:04:50 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser) DRV - [2005-06-23 09:04:50 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) FXA195 USB HART Modem device driver (WDM) DRV - [2004-11-30 08:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2002-11-13 09:40:28 | 000,002,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\FwKbd.sys -- (fwkbd) DRV - [2002-10-18 01:34:14 | 000,030,512 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s7oefs_x.sys -- (s7oefs_x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo PO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@vizlight.pl/deLight3D,version=1.4: C:\Program Files\deLight3D\npdelight3d.dll (vizLight) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-02-25 20:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011-12-29 14:54:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-12-29 14:54:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-12-29 23:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-21 21:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-02-25 20:24:31 | 000,000,000 | ---D | M] [2010-10-15 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Extensions [2010-10-15 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2011-12-29 23:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions [2010-09-22 19:45:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-31 13:58:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-29 23:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-09-01 20:31:38 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-03 07:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2010-11-02 09:58:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-09-20 10:12:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-12-29 14:54:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011-04-14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-09-14 22:29:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-09-14 22:29:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-09-14 22:29:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-09-14 22:29:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-09-14 22:29:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-09-14 22:29:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-12-29 22:25:50 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ashampoo PO Toolbar) - {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\Toolbar\WebBrowser: (Ashampoo PO Toolbar) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - C:\Program Files\Ashampoo_PO\prxtbAsha.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [CCUCSurrogate.exe] C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe (SIEMENS AG) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [S7UB Start] C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe (Siemens AG) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [WinCC flexible Smart Start] C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe (SIEMENS AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (ALMXPMGR.EXE) -C:\WINDOWS\System32\AlmXpmgr.exe (SIEMENS AG) O20 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2008-08-11 12:21:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{59605e9f-c557-11df-8a6e-002713b3fa5d}\Shell - "" = AutoRun O33 - MountPoints2\{59605e9f-c557-11df-8a6e-002713b3fa5d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-12-30 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\HiJackThis [2011-12-30 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-12-30 08:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\WinRAR [2011-12-29 20:56:03 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2011-12-29 20:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2011-12-29 20:40:58 | 000,000,000 | ---D | C] -- C:\SDFix [2011-12-29 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 2012 [2011-12-29 14:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\SQL Server Management Studio [2011-12-29 11:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2011-12-28 14:37:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\afa3a26e [2011-12-26 20:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Techland [2011-12-26 20:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Techland [2011-12-19 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\KalkulatorMB [2011-12-19 14:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\KalkulatorMB [2011-12-16 14:22:12 | 003,061,264 | ---- | C] (TeamViewer) -- C:\Documents and Settings\Piotr\Pulpit\TeamViewerQJ_pl-idm33235422.exe [2011-12-16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 7 [2011-12-08 11:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\PriceGong [2011-12-08 11:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\AskToolbar [2011-12-08 11:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011-12-08 09:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Kroll Ontrack [2011-12-08 08:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011-12-08 08:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Ashampoo_PO [2011-12-08 08:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Temp [2011-12-08 08:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Conduit [2011-12-08 08:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo_PO [2011-12-07 08:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\.jenny [2011-12-03 11:56:29 | 000,021,656 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn6.dll [2011-12-03 11:56:29 | 000,018,072 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi6.dll [2011-12-03 11:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\doPDF 6 [2011-12-03 11:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Softland [2011-12-03 11:34:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011-12-01 13:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\ELOTouch [2011-02-01 10:58:26 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao350.dll [2010-09-20 09:59:51 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2010-09-20 09:59:48 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Piotr\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Piotr\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\WINDOWS\System32\ [2011-12-31 11:18:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-12-31 11:16:54 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2011-12-31 11:15:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-12-31 11:15:30 | 3214,962,688 | -HS- | M] () -- C:\hiberfil.sys [2011-12-31 10:08:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2011-12-30 23:57:32 | 000,002,126 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2011-12-30 22:39:02 | 000,475,418 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Silent Runners.vbs [2011-12-30 22:30:22 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\HiJackThis.lnk [2011-12-30 15:54:27 | 005,496,991 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\db_dok.zip [2011-12-29 22:25:50 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2011-12-29 22:20:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-12-29 20:56:03 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2011-12-29 12:58:56 | 004,424,166 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\emaxplus.bmp [2011-12-28 22:46:39 | 000,015,421 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongZwykla.xml [2011-12-28 22:29:45 | 003,363,180 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Poradnik_Murowanie_z_YTONGa_10-2011.pdf [2011-12-28 22:20:47 | 000,685,114 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-12-28 22:20:47 | 000,622,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-12-28 22:20:47 | 000,162,516 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-12-28 22:20:47 | 000,141,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-12-28 21:38:33 | 000,020,557 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongEnergo.xml [2011-12-26 20:27:19 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Socrates 102.lnk [2011-12-23 14:56:02 | 000,001,338 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2011-12-23 14:55:22 | 000,195,977 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\GORGINA.plc [2011-12-23 08:23:09 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Simatic.cfg [2011-12-21 14:47:29 | 000,008,585 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\flaga_EN.gif [2011-12-21 14:36:59 | 000,013,640 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Flaga_Gruzja.jpg [2011-12-21 14:26:11 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Flag_of_Georgia.svg [2011-12-20 10:41:13 | 000,005,709 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongProjekt.xml [2011-12-19 21:06:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Y!Y! [2011-12-19 20:53:26 | 000,048,377 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Wniosek_o_zamkniecie_konta_Inteligo.pdf [2011-12-19 15:16:10 | 000,158,929 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\georgina_cip.plc [2011-12-16 14:22:15 | 003,061,264 | ---- | M] (TeamViewer) -- C:\Documents and Settings\Piotr\Pulpit\TeamViewerQJ_pl-idm33235422.exe [2011-12-14 10:58:00 | 000,457,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-12-14 10:55:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-12-14 09:17:07 | 000,886,764 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\odp___Rzuty_dachu.zip [2011-12-12 12:34:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\spider.sav [2011-12-06 11:41:00 | 000,503,034 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół odbioru dot. RE-51-11.pdf [2011-12-06 11:41:00 | 000,487,325 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół przekazania dokumnetacji technicznej dot. RE-51-11.pdf [2011-12-01 21:16:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-12-01 21:16:47 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\Piotr\default.pls [2011-12-01 15:47:00 | 000,854,611 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Recipes.zip [2011-12-01 14:09:00 | 001,998,848 | ---- | M] () -- C:\Recipes.exe [2011-12-01 13:49:00 | 004,481,045 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\ELOTouch.zip [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Piotr\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Piotr\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-12-30 22:38:54 | 000,475,418 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Silent Runners.vbs [2011-12-30 22:30:22 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\HiJackThis.lnk [2011-12-30 15:54:23 | 005,496,991 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\db_dok.zip [2011-12-29 22:30:51 | 3214,962,688 | -HS- | C] () -- C:\hiberfil.sys [2011-12-29 12:58:56 | 004,424,166 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\emaxplus.bmp [2011-12-28 22:46:39 | 000,015,421 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongZwykla.xml [2011-12-28 22:29:44 | 003,363,180 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Poradnik_Murowanie_z_YTONGa_10-2011.pdf [2011-12-28 21:38:05 | 000,020,557 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongEnergo.xml [2011-12-26 20:27:19 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Socrates 102.lnk [2011-12-21 14:47:29 | 000,008,585 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\flaga_EN.gif [2011-12-21 14:28:16 | 000,013,640 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Flaga_Gruzja.jpg [2011-12-21 14:26:11 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Flag_of_Georgia.svg [2011-12-20 10:41:13 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongProjekt.xml [2011-12-19 20:53:26 | 000,048,377 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Wniosek_o_zamkniecie_konta_Inteligo.pdf [2011-12-14 09:20:23 | 000,886,764 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\odp___Rzuty_dachu.zip [2011-12-13 16:03:39 | 000,158,929 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\georgina_cip.plc [2011-12-11 12:19:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Y!Y! [2011-12-07 16:02:31 | 000,195,977 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\GORGINA.plc [2011-12-06 11:41:00 | 000,503,034 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół odbioru dot. RE-51-11.pdf [2011-12-06 11:41:00 | 000,487,325 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół przekazania dokumnetacji technicznej dot. RE-51-11.pdf [2011-12-03 11:56:29 | 000,007,481 | ---- | C] () -- C:\WINDOWS\System32\dopdf6.ctm [2011-12-01 15:48:54 | 001,998,848 | ---- | C] () -- C:\Recipes.exe [2011-12-01 15:47:00 | 000,854,611 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Recipes.zip [2011-12-01 13:49:00 | 004,481,045 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\ELOTouch.zip [2011-11-30 16:52:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Lvdbed.INI [2011-11-30 13:42:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2011-07-18 14:37:19 | 000,531,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-04-11 15:28:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LBMCS.INI [2011-04-08 17:13:22 | 000,000,152 | ---- | C] () -- C:\WINDOWS\PTMCS.INI [2011-04-04 09:14:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011-03-17 08:15:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011-02-25 20:20:57 | 000,175,070 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2011-02-25 20:20:57 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2011-02-25 12:13:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011-02-15 07:10:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-02-01 11:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FwSim.INI [2011-02-01 11:16:01 | 000,104,633 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwDH485.sys [2011-02-01 11:16:01 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwKbd.sys [2011-02-01 11:16:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\fwkbd.exe [2011-02-01 11:08:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\ptuninst.exe [2011-02-01 11:02:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ptuninst.exe [2011-01-30 10:13:05 | 000,177,494 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2011-01-30 10:13:05 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2011-01-04 10:47:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011-01-04 08:29:21 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2010-12-03 13:30:06 | 000,604,912 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\wanancsp.dat [2010-11-10 21:19:28 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-02 09:58:31 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010-11-02 09:58:31 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010-09-29 21:19:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-09-29 06:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rptrt.INI [2010-09-22 15:28:55 | 000,001,338 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-09-22 13:06:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VOLOV EReg.ini [2010-09-22 08:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-09-21 07:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PDLSERV.INI [2010-09-21 06:19:52 | 000,023,152 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2010-09-21 06:19:52 | 000,001,092 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2010-09-21 06:19:35 | 000,058,750 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2010-09-21 06:19:35 | 000,014,972 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2010-09-21 06:19:34 | 000,018,031 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2010-09-20 18:46:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe [2010-09-20 14:23:31 | 000,002,126 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-09-20 12:15:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-09-20 10:23:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010-09-20 10:17:11 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2010-09-20 10:16:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010-09-20 10:16:07 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010-09-20 10:16:03 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2010-09-20 10:11:58 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010-09-20 10:11:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010-09-20 10:09:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010-09-20 10:09:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010-09-20 10:09:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010-09-20 10:09:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010-09-20 10:09:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010-09-20 10:09:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010-09-20 10:04:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010-09-20 10:00:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2010-09-20 10:00:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010-09-20 10:00:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010-09-20 10:00:54 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2010-09-20 10:00:54 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010-09-20 10:00:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe [2010-09-20 09:59:51 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2010-09-20 09:59:51 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2010-09-20 09:59:51 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2010-09-20 09:56:00 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config [2010-05-19 19:33:38 | 000,626,636 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw_5711.bin [2010-04-08 10:21:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\s7200L2.dll [2010-03-08 20:17:34 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\sn_regbase.dll [2009-11-19 14:27:34 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ep5711k.dll [2009-11-19 14:27:26 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ep5711j.dll [2009-09-09 19:01:40 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009-02-09 16:48:24 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008-12-15 10:11:14 | 000,979,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga5711.bin [2008-08-11 22:48:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008-08-11 22:10:42 | 000,685,114 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2008-08-11 22:10:42 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2008-08-11 22:10:42 | 000,162,516 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2008-08-11 22:10:42 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2008-08-11 22:10:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008-08-11 22:10:35 | 000,622,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008-08-11 22:10:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008-08-11 22:10:35 | 000,141,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008-08-11 22:10:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008-08-11 22:10:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008-08-11 22:10:34 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008-08-11 22:10:34 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008-08-11 22:10:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008-08-11 22:10:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008-08-11 22:10:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008-08-11 22:10:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008-08-11 14:15:46 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-08-11 14:15:11 | 000,457,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008-08-11 12:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008-08-11 12:19:44 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005-12-21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2005-12-21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005-12-21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll [2005-06-10 07:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll [2002-06-24 17:44:10 | 003,026,989 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL [2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001-09-13 08:00:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\PASSCS.INI [1999-11-08 14:55:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\S7oformx.dll [1999-11-08 14:55:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\s7oformx.exe [1999-07-16 13:37:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\TDCTRL.dll [1996-12-19 14:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL [1996-12-19 14:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL < End of report >

Caly info z gmera:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-12-31 13:23:15 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084 Running: uydttzjk.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\pwtyipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAB223FBA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAB2248B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAB23DAEE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAB224E26] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAB224D14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAB23DE06] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xAB225056] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xAB22521E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAB223D76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAB224F3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAB23F110] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAB2245E6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAB23DECE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAB22553C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAB238084] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAB23988E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAB2248F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAB22653C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAB239088] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAB239A38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAB22562E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAB238BC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAB238E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAB23F130] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAB23C30A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAB224EB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAB224DA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAB2241F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAB22597E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAB224FD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAB2240E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xAB23F120] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAB237EB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAB239698] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xAB23C500] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAB225EC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAB239488] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAB2257CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAB238198] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAB23880C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAB23E048] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAB23DF96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAB23E0B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAB238A14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAB2263DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAB23833E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xAB2384D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xAB238670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAB23DC76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAB224756] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAB2253E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAB226010] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAB239248] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAB226104] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAB22623E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAB22545E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAB224392] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAB2242EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAB225D78] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAB22447C] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AB2169F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AB216DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [06, DE, 23, AB, 56, 50, 22, ...] {PUSH ES; FISUB WORD [EBX]; STOSD ; PUSH ESI; PUSH EAX; AND CH, [EBX-0x54ddade2]} .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [76, 3D, 22, AB, 3E, 4F, 22, ...] {JBE 0x3f; AND CH, [EBX-0x54ddb0c2]; ADC CL, DH; AND EBP, [EBX-0x54ddba1a]} .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [2E, 56, 22, AB, C0, 8B, 23, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [98, 81, 23, AB, 0C, 88, 23, ...] {CWDE ; AND DWORD [EBX], 0x23880cab; STOSD ; DEC EAX; LOOPNZ 0x2e; STOSD ; XCHG ESI, EAX; FBLD TBYTE [EBX]; STOSD } .text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 20 Bytes [DE, 63, 22, AB, 3E, 83, 23, ...] .text ... .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB78F3000, 0x199B48, 0xE8000020] .text mrxsmb.sys A8CE5302 392 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text mrxsmb.sys A8CE548B 627 Bytes [8B, 44, 24, 10, 89, 6C, 24, ...] .text mrxsmb.sys A8CE56FF 1087 Bytes [C9, C2, 08, 00, 90, 90, 90, ...] .text mrxsmb.sys A8CE5B3F 216 Bytes [0F, 85, E9, 8E, 00, 00, 66, ...] .text mrxsmb.sys A8CE5C18 107 Bytes [3C, 10, 0F, 83, 0E, 8E, 00, ...] .text ... .INIT C:\WINDOWS\system32\DRIVERS\mrxsmb.sys entry point in ".INIT" section [0xA8CF2922] ? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67] .text C:\Program Files\Mozilla Firefox\firefox.exe[5912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0040131F C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B97F5DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B97F5DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1300] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3952] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 fwkbd.SYS AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 fwkbd.SYS AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \FileSystem\Fastfat \Fat A508BD20 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio) ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) AB447000-AB455000 (57344 bytes) ---- Threads - GMER 1.0.15 ---- Thread System [4:1216] BA2DCE40 Thread System [4:1220] BA2DCE40 Thread System [4:1224] 879A9520 Thread System [4:1228] 879A9520 Thread System [4:4368] A52AC41E ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB62002$\2946736750 0 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\L 0 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\L\yhbotnao 456320 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\loader.tlb 2632 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U 0 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@00000001 45968 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@000000c0 3072 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@000000cb 3072 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@000000cf 1536 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@80000000 26112 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@800000c0 32768 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@800000cb 24064 bytes File C:\WINDOWS\$NtUninstallKB62002$\2946736750\U\@800000cf 31744 bytes File C:\WINDOWS\$NtUninstallKB62002$\3767573456 0 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP73MicroKeyMonoI01600048.xml 39044 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP77AKeyMonoI01600064.xml 39832 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP77BI01600064.xml 1224 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP170A.xml 1188 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP170BcolorI06.xml 1739 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP170Bmono.xml 1726 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP170MI06.xml 1226 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177ATouchMonoI6.xml 39866 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177ATouchMonoI6P.xml 39890 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177BdpTouchMonoI6.xml 2000 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177BpndpTouchColorI6.xml 2044 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177MicroTouchMonoI6.xml 39716 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP177MicroTouchMonoI6P.xml 39742 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP270I06.xml 1768 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP270I10.xml 1779 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP277TouchColorI06.xml 2010 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_TP77BI04.xml 2185 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__C7-633.xml 665 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_C7635I06.xml 1746 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_C7635touchI06.xml 1764 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_C7636KeyColorI06.xml 1757 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_C7636TouchColorI10.xml 1778 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_HH170I06.xml 1846 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_KTP178MicroMonoI6.xml 39736 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean04pnMono.xml 39502 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean04pnMonoP.xml 39522 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06dpColor.xml 39404 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP177TouchColorI06.xml 2033 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP270BI10.xml 1805 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP270touchI06.xml 1919 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP270touchI10.xml 1859 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP277KeyColorI08.xml 2191 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP277KeyColorI10.xml 2204 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP277TouchColorI08.xml 2213 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP277TouchColorI10.xml 2226 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP370.xml 1835 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP370touchI12.xml 1899 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP370touchI15.xml 1986 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP377KeyColorI12.xml 2225 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP377TouchColorI12.xml 2247 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP377TouchColorI15.xml 2247 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MP377TouchColorI19.xml 2247 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP170BI06.xml 1688 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP177BdpMonoI6.xml 1997 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP177BpndpColorI6.xml 2041 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP270I06.xml 1770 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP270I10.xml 1781 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP277KeyColorI06.xml 2012 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06dpColorP.xml 39425 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277WLV2KeyColorI08.xml 2381 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_OP73KeyMonoI01600048.xml 40440 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__C7-634.xml 664 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__MP270.xml 1319 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__OP17.xml 661 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__OP27.xml 687 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__OP37.xml 687 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__OP7.xml 684 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__TD17.xml 648 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__TP070.xml 1127 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__TP27-10.xml 693 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__TP27-6.xml 689 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping__TP37.xml 686 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Basic_Panels.xml 334 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___C7 Panels.xml 331 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Micro_Panels.xml 334 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Mobile_Panels.xml 335 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Multi_Panels.xml 334 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Panels.xml 328 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___ProTool Text Based Panels.xml 347 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___ProTool_Graphic_Based_Panels.xml 350 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping___Version.xml 266 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06pnColor.xml 39511 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06pnColorP.xml 39532 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06pnMono.xml 39506 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean06pnMonoP.xml 39526 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean10dpColor.xml 43903 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean10pnColor.xml 44012 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_Lean15pnColor.xml 43997 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel177dpKeyColorI6.xml 2136 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel177pnKeyColorI6.xml 2136 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277ColorI10.xml 2210 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277FWLV2KeyColorI08.xml 2394 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277FWLV2RFIDKeyColI08.xml 2489 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277VWColorI10.xml 2210 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277WLKeyColorI10.xml 2256 bytes File C:\Program Files\Common Files\Siemens\PTProSave\devices\DeviceMapping_MobilePanel277WLSafetyKeyColorI10.xml 2269 bytes ---- EOF - GMER 1.0.15 ----

**Posty:** 18165 · przez **wojtas** 31 Gru 2011, 17:04

Uruchom narzędzie Kaspersky TDSSKiller Gdyby coś znalazł wybierz opcję Skip i wklej tylko raport i nowy log z Gmera i Daj loga z Combofixa

**Posty:** 4 · przez **piotrek57** 31 Gru 2011, 20:01

Kaspersky nic nie znalazl.
Combofix:

Kod: Zaznacz wszystko: ComboFix 11-12-31.03 - Piotr 2012-01-01 13:33:29.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3066.2447 [GMT 1:00] Uruchomiony z: c:\documents and settings\Piotr\Moje dokumenty\Pobieranie\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\c_83231.nls c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . Zainfekowana kopia c:\windows\system32\drivers\mrxsmb.sys została znaleziona. Problem naprawiono Plik odzyskano z - The cat found it :) . ((((((((((((((((((((((((( Pliki utworzone od 2011-12-01 do 2012-01-01 ))))))))))))))))))))))))))))))) . . 2012-01-01 12:21 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2012-01-01 11:45 . 2012-01-01 11:45 -------- d-----w- c:\program files\Microsoft Analysis Services 2012-01-01 11:41 . 2012-01-01 11:41 -------- d-----w- c:\program files\MSXML 6.0 2012-01-01 11:12 . 2005-10-20 03:59 81920 ----a-w- c:\windows\system32\ImageDrive.cpl 2011-12-30 21:30 . 2011-12-30 21:30 388096 ----a-r- c:\documents and settings\Piotr\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-30 21:30 . 2011-12-30 21:30 -------- d-----w- c:\program files\Trend Micro 2011-12-29 19:56 . 2011-12-29 19:56 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll 2011-12-29 19:52 . 2011-12-29 19:52 -------- d-----w- c:\windows\ERUNT 2011-12-29 11:45 . 2011-12-29 11:45 -------- d-----r- c:\documents and settings\LocalService\Ulubione 2011-12-29 10:50 . 2011-12-29 10:54 -------- d-----w- c:\program files\SkanerOnline 2011-12-29 10:21 . 2011-12-29 10:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-12-28 13:42 . 2011-12-28 13:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-12-28 13:37 . 2011-12-31 17:26 -------- d-sh--w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\afa3a26e 2011-12-26 19:25 . 2011-12-26 19:25 -------- d-----w- c:\program files\Techland 2011-12-19 13:01 . 2011-12-20 09:18 -------- d-----w- c:\program files\KalkulatorMB 2011-12-08 10:01 . 2011-12-08 11:27 -------- d-----w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\AskToolbar 2011-12-08 10:01 . 2011-12-08 11:27 -------- d-----w- c:\program files\Ask.com 2011-12-08 08:34 . 2011-12-08 11:30 -------- d-----w- c:\program files\Kroll Ontrack 2011-12-08 07:54 . 2011-12-08 07:54 -------- d-----w- c:\program files\Conduit 2011-12-08 07:54 . 2011-12-29 10:49 -------- d-----w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Ashampoo_PO 2011-12-08 07:54 . 2011-12-08 07:54 -------- d-----w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Temp 2011-12-08 07:54 . 2011-12-08 07:54 -------- d-----w- c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Conduit 2011-12-08 07:54 . 2011-12-08 07:54 -------- d-----w- c:\program files\Ashampoo_PO 2011-12-07 07:36 . 2011-12-16 22:40 -------- d-----w- c:\documents and settings\Piotr\.jenny 2011-12-03 10:56 . 2008-09-19 13:48 21656 ----a-w- c:\windows\system32\dopdfmn6.dll 2011-12-03 10:56 . 2008-09-19 13:48 18072 ----a-w- c:\windows\system32\dopdfmi6.dll 2011-12-03 10:56 . 2011-12-03 10:56 -------- d-----w- c:\program files\Softland 2011-12-03 10:34 . 2011-12-03 10:34 -------- d--h--w- c:\windows\PIF . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-28 20:54 . 2010-09-20 17:46 32768 ----a-w- c:\windows\system32\ibmpmsvc.exe 2011-12-28 20:54 . 2010-09-20 09:00 557056 ----a-w- c:\windows\system32\ati2evxx.exe 2011-12-28 19:32 . 2009-01-28 15:59 33280 ----a-w- c:\windows\system32\TPHDEXLG.exe 2011-12-01 13:09 . 2011-12-01 14:48 1998848 ----a-w- C:\Recipes.exe 2011-11-23 14:40 . 2008-08-11 21:10 1859840 ----a-w- c:\windows\system32\win32k.sys 2011-11-11 14:24 . 2011-11-11 14:24 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys 2011-11-04 19:13 . 2008-08-11 21:10 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2008-08-11 21:10 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2008-08-11 21:10 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2008-08-11 21:10 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 10:04 . 2011-10-06 10:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-01 16:07 . 2008-08-11 21:10 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2008-08-11 21:10 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:49 . 2008-04-14 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-26 10:49 . 2008-04-14 21:59 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-18 11:13 . 2008-08-11 21:10 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2008-08-11 11:20 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-09 07:09 . 2011-10-09 07:09 1409 ----a-w- c:\windows\system32\tmpB47D9.FOT 1998-04-27 18:15 . 2011-02-01 09:58 570128 ------w- c:\program files\Common Files\dao350.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-31_17.31.00 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-20 09:26 . 2012-01-01 12:53 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2010-09-20 09:26 . 2011-12-31 17:32 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2010-09-20 09:26 . 2012-01-01 12:53 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2010-09-20 09:26 . 2011-12-31 17:32 32768 c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2010-09-20 09:26 . 2011-12-31 17:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-09-20 09:26 . 2012-01-01 12:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2012-01-01 11:41 . 2012-01-01 11:41 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7fa8dd78b53756985b556327cc39de3c\Microsoft.SqlServer.CustomControls.ni.dll + 2012-01-01 11:41 . 2012-01-01 11:41 43736 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll + 2008-08-11 21:10 . 2012-01-01 11:26 586618 c:\windows\system32\perfh015.dat + 2008-08-11 21:10 . 2012-01-01 11:26 524066 c:\windows\system32\perfh009.dat + 2008-08-11 21:10 . 2012-01-01 11:26 124356 c:\windows\system32\perfc015.dat + 2008-08-11 21:10 . 2012-01-01 11:26 103532 c:\windows\system32\perfc009.dat + 2010-09-21 05:19 . 2012-01-01 12:53 235060 c:\windows\system32\inetsrv\MetaBase.bin + 2008-08-11 13:15 . 2012-01-01 11:15 454864 c:\windows\system32\FNTCACHE.DAT + 2012-01-01 11:48 . 2012-01-01 11:48 880128 c:\windows\Installer\853bc.msi + 2012-01-01 11:45 . 2012-01-01 11:45 650752 c:\windows\Installer\853a3.msi + 2006-05-16 01:15 . 2006-05-16 01:15 911360 c:\windows\Installer\85398.msp + 2012-01-01 11:41 . 2012-01-01 11:41 806400 c:\windows\Installer\85397.msi + 2012-01-01 11:41 . 2012-01-01 11:41 868864 c:\windows\Installer\85391.msi + 2012-01-01 11:45 . 2012-01-01 11:45 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2011-06-21 00:47 . 2011-06-21 00:47 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2012-01-01 11:41 . 2012-01-01 11:41 529920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a4e094530f09658b2825dae177812e8\Microsoft.SqlServer.GridControl.ni.dll + 2012-01-01 11:41 . 2012-01-01 11:41 988160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\19161548ad2eff0d32462f99334f3cc8\Microsoft.SqlServer.WizardFrameworkLite.ni.dll + 2012-01-01 11:41 . 2012-01-01 11:41 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\06394b5193ef90afda8f9b264f6e315b\Microsoft.SqlServer.Setup.ni.dll + 2012-01-01 11:41 . 2012-01-01 11:41 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ca1406c347f574dc25831bd1ff0b1593\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll + 2012-01-01 11:41 . 2012-01-01 11:41 592600 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll - 2010-09-20 13:07 . 2010-09-20 13:07 289496 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll + 2012-01-01 11:41 . 2012-01-01 11:41 289496 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll + 2012-01-01 11:41 . 2012-01-01 11:41 199384 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll + 2012-01-01 11:41 . 2012-01-01 11:41 133848 c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll + 2012-01-01 11:44 . 2012-01-01 11:44 461416 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll + 2012-01-01 11:45 . 2012-01-01 11:45 1415168 c:\windows\Installer\853a9.msi + 2006-05-16 01:15 . 2006-05-16 01:15 48875520 c:\windows\Installer\853e0.msp + 2006-05-16 01:06 . 2006-05-16 01:06 31526912 c:\windows\Installer\853db.msp + 2006-05-16 01:00 . 2006-05-16 01:00 15921152 c:\windows\Installer\853d6.msp . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}] 2011-05-09 08:49 176936 ----a-w- c:\program files\Ashampoo_PO\prxtbAsha.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{d43723ae-1ae1-4a25-a6a4-bf0929273cab}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D43723AE-1AE1-4A25-A6A4-BF0929273CAB}"= "c:\program files\Ashampoo_PO\prxtbAsha.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{d43723ae-1ae1-4a25-a6a4-bf0929273cab}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Piotr\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Piotr\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Piotr\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Piotr\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinCC flexible Smart Start"="c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" [2010-04-20 118784] "S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2009-03-09 102453] "MsmqIntCert"="mqrt.dll" [2008-04-15 177152] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Stationmanager"="c:\program files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe" [2009-07-14 620032] "avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"= "c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"= "c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"= "c:\\WINDOWS\\system32\\s7otbxsx.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\HmiES.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008\\TraceServer.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\Miniweb.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"= "c:\\Program Files\\Firebird\\Firebird_2_0\\bin\\isql.exe"= "c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"= "c:\\Program Files\\Graphisoft\\ArchiCAD 14\\ArchiCAD.exe"= "c:\\Documents and Settings\\Piotr\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3050:TCP"= 3050:TCP:FIRE "3050:UDP"= 3050:UDP:fire . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-01-28 20520] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-03-04 11352] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-12-10 143184] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-12-10 41936] R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [2010-05-06 1102848] R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2010-05-03 2059776] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2010-01-09 28331] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [2010-06-07 77312] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [2010-06-07 31744] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [2010-06-07 173568] R2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;c:\windows\system32\drivers\s7sn2srtx.sys [2008-08-21 23808] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2009-02-24 73088] R3 fwkbd;fwkbd;c:\windows\system32\drivers\FwKbd.sys [2011-02-01 2976] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [2010-04-08 12112] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-03-10 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-05-16 19472] R3 S7osobux;SIMATIC SoftBus;c:\windows\system32\drivers\S7osobux.sys [2010-03-02 134144] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-02-22 37312] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-10-08 111568] S2 CCAgent;CCAgent;c:\program files\Common Files\Siemens\ace\bin\CCAgent.exe [2011-06-30 347136] S2 CCArchiveConnMon;CCArchiveConnMon;c:\program files\Common Files\Siemens\BIN\CCArchiveConnMon.exe [2011-07-28 254464] S2 CCDBUtils;CCDBUtils;c:\program files\Common Files\Siemens\commonarchiving\CCDBUtils.exe [2011-08-12 98304] S2 CCEServer;CCEServer;c:\program files\Common Files\Siemens\ace\bin\CCEServer.exe [2011-06-30 231424] S2 CCProjectMgr;SIMATIC WinCC CCProjectMgr;c:\program files\Siemens\WinCC\bin\CCProjectMgr.exe --> c:\program files\Siemens\WinCC\bin\CCProjectMgr.exe [?] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009-05-15 39936] S2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [2005-05-03 9158656] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2010-09-20 53248] S2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [2009-03-09 69632] S2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2010-06-07 1572864] S2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2010-06-07 237568] S2 SCSMonitor;SCSMonitor;c:\program files\Common Files\Siemens\ace\bin\SCSMX.exe [2011-06-30 154112] S2 SIMATIC Logon Device Manager;SIMATIC Logon Device Manager;c:\program files\Siemens\SimaticLogon\sldm_x.exe [2010-07-16 1311232] S2 SIMATIC Logon Event Logging;SIMATIC Logon Event Logging;c:\program files\Siemens\SimaticLogon\sleventlogx.exe [2010-07-16 2014208] S2 SIMATIC Logon Service;SIMATIC Logon Service;c:\program files\Siemens\SimaticLogon\logonsrv_x.exe [2010-07-16 2836480] S2 SIMATIC NET RouteManager;SIMATIC NET Route Manager;c:\program files\Common Files\Siemens\S7wnrmsx\s7wnrmsx.exe [2009-07-14 505856] S2 SlraService;SIMATIC Logon Remote Access;c:\program files\Siemens\SimaticLogon\slra_servicex.exe [2010-07-16 204288] S2 SSCService;SIMATIC Security Control Service;c:\program files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [2010-03-23 348160] S2 StatMgr;SIMATIC NET Station Manager;c:\program files\Common Files\Siemens\S7wnsmsx\s7wnsmsx.exe [2009-07-14 1050624] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-24 2006528] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2978816] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 86528] S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2009-05-15 56832] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-11-24 520192] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys --> c:\windows\system32\Drivers\ATSwpWDF.sys [?] S3 CCAlgIAlarmDataCollector;SIMATIC WinCC CCAlgIAlarmDataCollector;"c:\program files\Siemens\WinCC\bin\CCAlgIAlarmDataCollector.exe" --> c:\program files\Siemens\WinCC\bin\CCAlgIAlarmDataCollector.exe [?] S3 CCArchiveManagerService;CCArchiveManagerService;c:\program files\Common Files\Siemens\commonarchiving\CCArchiveManager.exe [2011-08-12 733184] S3 CCEClient;CCEClient;c:\program files\Common Files\Siemens\ace\bin\CCEClient.exe [2011-06-30 250880] S3 CCLicenseService;SIMATIC WinCC License Service;c:\program files\Common Files\Siemens\BIN\CCLicenseService.exe [2011-08-20 432128] S3 CCOPC.XMLWrapper;CCOPC.XMLWrapper;c:\program files\Siemens\WinCC\OPC\XMLDataAccess\bin\DA2XML.exe [2010-08-16 326656] S3 CCPerfMon;CCPerfMon;c:\program files\Common Files\Siemens\bin\CCPerfMon.exe --> c:\program files\Common Files\Siemens\bin\CCPerfMon.exe [?] S3 CCRedundancyAgent-Service;CCRedundancyAgent-Service;c:\program files\Common Files\Siemens\commonarchiving\CCRedundancyAgent.exe [2011-08-12 856064] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [2008-08-21 64286] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?] S3 HmPci;HmPci;\??\c:\windows\system32\drivers\HmPci.sys --> c:\windows\system32\drivers\HmPci.sys [?] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-10-31 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-06-22 21248] S3 IPCTYPE;IPCTYPE;\??\c:\documents and settings\All Users\Dane aplikacji\Pro-face\GP-Pro EX 2.6\Simulator\IPCType.sys --> c:\documents and settings\All Users\Dane aplikacji\Pro-face\GP-Pro EX 2.6\Simulator\IPCType.sys [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-09-24 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-09-24 8320] S3 RedundancyControl;RedundancyControl;c:\program files\Common Files\Siemens\ace\bin\RedundancyControl.exe [2011-06-30 472576] S3 RedundancyState;RedundancyState;c:\program files\Common Files\Siemens\ace\bin\RedundancyState.exe [2011-06-30 201728] S3 ReportScheduler;SIMATIC WinCC ReportScheduler;c:\program files\Siemens\WinCC\WebNavigator\DataMonitor\bin\ReportScheduler.exe [2011-08-31 666624] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2002-10-18 30512] S3 s7oupc2x;SIMATIC PC Adapter USB - USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [2010-03-18 24576] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [2005-05-03 323584] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-11-11 25088] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-10-08 100560] S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-12-10 31888] S3 XR_CCOPC.XMLWrapper;XR_CCOPC.XMLWrapper;c:\program files\Siemens\WinCC\OPC\XMLDataAccess\bin\CCRT2XML.exe [2010-08-16 173568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Zawartość folderu 'Zaplanowane zadania' . 2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-01-01 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-20 04:41] . 2010-09-20 c:\windows\Tasks\Przypomnienie o rejestracji 1.job - c:\windows\system32\OOBE\oobebaln.exe [2008-08-11 12:00] . 2012-01-01 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481033 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Wyślij do interfejsu Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: Wyślij do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 83.238.182.1 83.238.17.202 194.150.238.2 FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - google.pl FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q= FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-01 13:53 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(1428) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3780) c:\windows\system32\WININET.dll c:\documents and settings\Piotr\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\msdtc.exe c:\windows\system32\inetsrv\inetinfo.exe c:\windows\System32\TPHDEXLG.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\mqsvc.exe c:\windows\system32\mqtgsvc.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files\Common Files\Siemens\Sqlany\dbsrv9.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe . ************************************************************************** . Czas ukończenia: 2012-01-01 14:01:38 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-01-01 13:01 ComboFix2.txt 2011-12-31 17:41 . Przed: 68 945 895 424 bajtów wolnych Po: 69 189 701 632 bajtów wolnych . - - End Of File - - 2E1B27FD91C96E9966BB2647D83C6AD4

A Gmer mi sie wysypuje podczs skanowania (log do czasu wysypania):

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-01 19:30:12 Windows 5.1.2600 Dodatek Service Pack 3 Running: uydttzjk.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\pwtyipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAB5BAFBA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAB5BB8B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAB5D4AEE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAB5BBE26] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAB5BBD14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAB5D4E06] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xAB5BC056] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xAB5BC21E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAB5BAD76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAB5BBF3E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAB5D6110] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAB5BB5E6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAB5D4ECE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAB5BC53C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAB5CF084] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAB5D088E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAB5BB8F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAB5BD53C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAB5D0088] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAB5D0A38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAB5BC62E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAB5CFBC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAB5CFE1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAB5D6130] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAB5D330A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAB5BBEB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAB5BBDA0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAB5BB1F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAB5BC97E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAB5BBFD0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAB5BB0E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xAB5D6120] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAB5CEEB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAB5D0698] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xAB5D3500] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAB5BCEC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAB5D0488] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAB5BC7CE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAB5CF198] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAB5CF80C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAB5D5048] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAB5D4F96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAB5D50B4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAB5CFA14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAB5BD3DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAB5CF33E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xAB5CF4D4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xAB5CF670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAB5D4C76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAB5BB756] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAB5BC3E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAB5BD010] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAB5D0248] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAB5BD104] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAB5BD23E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAB5BC45E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAB5BB392] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAB5BB2EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAB5BCD78] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAB5BB47C] Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AB5AD9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AB5ADDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) .text ntkrnlpa.exe!ZwCallbackReturn + 2C48 805044E4 2 Bytes [B4, B8] {MOV AH, 0xb8} .text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [06, 4E, 5D, AB, 56, C0, 5B, ...] {PUSH ES; DEC ESI; POP EBP; STOSD ; PUSH ESI; RCR BYTE [EBX-0x55], 0x1e; RET 0xab5b} .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [76, AD, 5B, AB, 3E, BF, 5B, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2CF4 80504590 2 Bytes [3C, D5] {CMP AL, 0xd5} .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [2E, C6, 5B, AB, C0, FB, 5C, ...] .text ... ? Combo-Fix.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7BD9000, 0x199B48, 0xE8000020] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0040131F C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3908] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 105D69A2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B97BDDC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B97BDDC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[3216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 fwkbd.SYS AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 fwkbd.SYS

**Posty:** 18165 · przez **wojtas** 02 Sty 2012, 21:21

odinstaluj Ashampoo PO Toolbar
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL

:Files
c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\AskToolbar
c:\program files\Ask.com
c:\program files\Conduit
c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Ashampoo_PO

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

Autor postu otrzymał pochwałę

**Posty:** 4 · przez **piotrek57** 03 Sty 2012, 11:50

Czyszczenie

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== ========== FILES ========== c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\AskToolbar folder moved successfully. c:\program files\Ask.com folder moved successfully. c:\program files\Kroll Ontrack folder moved successfully. c:\program files\Conduit\Community Alerts folder moved successfully. c:\program files\Conduit folder moved successfully. File\Folder c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Ashampoo_PO not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56468 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Piotr ->Temp folder emptied: 710389217 bytes ->Temporary Internet Files folder emptied: 922105 bytes ->Java cache emptied: 42008972 bytes ->FireFox cache emptied: 92486405 bytes ->Flash cache emptied: 83187 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 538066 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 807,00 mb [EMPTYFLASH] User: Administrator User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService User: Piotr ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01032012_103432 Files\Folders moved on Reboot... C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.Word\~WRS{1B943657-4FBA-4BDB-8866-14AF073884AF}.tmp moved successfully. C:\Documents and Settings\Piotr\Ustawienia lokalne\Temporary Internet Files\Content.Word\~WRS{2C2F61E0-065B-431D-A6D5-69DF8E865802}.tmp moved successfully. File\Folder C:\WINDOWS\temp\klsFD1C.tmp not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_b50.dat not found! Registry entries deleted on Reboot...

OTL part1

Kod: Zaznacz wszystko: OTL logfile created on: 2012-01-03 10:42:30 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,99 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,59% Memory free 4,83 Gb Paging File | 3,96 Gb Available in Paging File | 81,98% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 292,05 Gb Total Space | 57,63 Gb Free Space | 19,73% Space Free | Partition Type: NTFS Drive D: | 6,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 116,44 Gb Total Space | 2,19 Gb Free Space | 1,88% Space Free | Partition Type: NTFS Computer Name: PZYTKOWSKINB | User Name: Piotr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-12-30 23:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotr\Moje dokumenty\Pobieranie\OTL.exe PRC - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2011-12-28 20:06:15 | 001,102,848 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe PRC - [2011-12-21 21:45:32 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-08-31 22:06:22 | 001,401,344 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe PRC - [2011-08-20 21:38:02 | 000,432,128 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\BIN\CCLicenseService.exe PRC - [2011-07-28 23:38:12 | 000,254,464 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\BIN\CCArchiveConnMon.exe PRC - [2011-07-28 22:46:12 | 000,227,840 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe PRC - [2011-06-30 12:18:14 | 000,250,880 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe PRC - [2011-04-30 02:07:12 | 000,138,752 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\system32\AlmXpmgr.exe PRC - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2011-04-24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtblfs.exe PRC - [2010-05-06 11:14:54 | 000,358,400 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe PRC - [2010-04-20 02:38:42 | 000,118,784 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe PRC - [2009-07-14 13:12:16 | 000,505,856 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7wnrmsx\s7wnrmsx.exe PRC - [2009-07-14 13:09:12 | 000,620,032 | ---- | M] (Siemens AG) -- C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe PRC - [2009-07-14 13:03:26 | 001,050,624 | ---- | M] (Siemens AG) -- C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmsx.exe PRC - [2009-06-29 20:56:16 | 001,777,664 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binS7\scores7.exe PRC - [2009-06-29 20:37:52 | 000,110,667 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\_simpcmon.exe PRC - [2009-06-29 20:35:52 | 001,200,206 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\sservcfg.exe PRC - [2009-06-29 20:33:16 | 000,389,198 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\scorecfg.exe PRC - [2009-06-29 19:40:56 | 000,746,496 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\simnetpnpman.exe PRC - [2009-06-29 18:57:04 | 000,135,232 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe PRC - [2009-04-17 13:22:32 | 000,610,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcFnF5.exe PRC - [2009-04-14 11:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009-03-13 09:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009-03-11 04:13:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2009-03-09 21:10:06 | 000,102,453 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe PRC - [2009-02-02 10:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2008-08-01 21:56:34 | 000,032,768 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe PRC - [2008-07-14 23:43:10 | 000,024,576 | ---- | M] (OPC Foundation) -- C:\Program Files\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2007-04-02 17:51:56 | 000,083,512 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe MOD - [2011-12-21 21:45:33 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2011-10-12 08:01:03 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll MOD - [2011-10-12 08:00:34 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll MOD - [2011-10-12 07:58:57 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll MOD - [2011-10-12 07:58:44 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll MOD - [2011-10-12 07:58:28 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll MOD - [2011-10-12 07:58:23 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll MOD - [2011-10-12 07:53:22 | 000,593,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\8acd508fd65801747e89bb5ab7e981e4\System.Messaging.ni.dll MOD - [2011-10-12 07:45:49 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll MOD - [2011-10-12 07:45:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011-10-12 07:44:25 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll MOD - [2011-10-12 07:44:20 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll MOD - [2011-10-12 07:44:05 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll MOD - [2011-10-12 07:43:54 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll MOD - [2011-10-12 07:36:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011-10-12 07:36:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011-10-12 07:36:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011-10-12 07:36:12 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll MOD - [2011-10-12 07:35:45 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll MOD - [2011-10-12 07:35:29 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll MOD - [2011-10-12 07:35:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011-10-12 07:35:07 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011-10-12 07:35:01 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011-10-12 07:34:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011-10-12 07:33:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011-04-24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll MOD - [2011-04-24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll MOD - [2011-04-24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll MOD - [2011-04-24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll MOD - [2011-04-24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll MOD - [2011-04-24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll MOD - [2011-04-20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll MOD - [2010-09-23 07:24:43 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2010-09-20 10:01:47 | 001,683,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010-09-20 10:01:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010-09-20 10:01:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010-09-20 10:01:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:43 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010-09-20 10:01:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010-09-20 10:01:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,806,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010-09-20 10:01:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010-09-20 10:01:42 | 000,221,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010-09-20 10:01:42 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010-09-20 10:01:42 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010-09-20 10:01:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010-09-20 10:01:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010-09-20 10:01:42 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010-09-20 10:01:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010-09-20 10:01:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010-09-20 10:01:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010-09-20 10:01:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010-09-20 10:01:40 | 000,991,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010-09-20 10:01:40 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010-09-20 10:01:40 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010-09-20 10:01:40 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll MOD - [2010-09-20 10:01:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010-09-20 10:01:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll MOD - [2010-09-20 10:01:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010-09-20 10:01:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010-09-20 10:01:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010-09-20 10:01:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2010-09-20 10:01:40 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010-09-20 10:01:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010-09-20 10:01:40 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2010-09-20 10:01:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010-03-09 03:01:18 | 000,859,648 | ---- | M] () -- C:\Program Files\Common Files\Siemens\SWS\plugins\scp\scpwin32.dll MOD - [2010-03-08 20:17:34 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\sn_regbase.dll MOD - [2009-04-17 13:39:06 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\F5Res.dll MOD - [2009-04-17 13:39:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll MOD - [2009-04-17 13:11:40 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcBcon.dll MOD - [2009-04-16 05:39:38 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL MOD - [2009-04-16 05:39:38 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL MOD - [2009-03-18 22:34:40 | 000,196,608 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2009-02-27 09:22:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008-08-01 21:51:12 | 000,015,872 | ---- | M] () -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Common.Base.LicUtil.dll MOD - [2008-07-01 00:46:08 | 000,931,840 | ---- | M] () -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binS7\libxml2.dll MOD - [2006-06-16 12:49:10 | 000,036,864 | ---- | M] () -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\Extern\Browser.dll MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-12-28 21:54:42 | 002,836,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\logonsrv_x.exe -- (SIMATIC Logon Service) SRV - [2011-12-28 21:54:41 | 000,466,944 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2011-12-28 21:54:41 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011-12-28 21:54:41 | 000,056,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011-12-28 21:54:40 | 000,909,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2011-12-28 21:54:06 | 002,978,816 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011-12-28 21:54:06 | 000,360,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor) SRV - [2011-12-28 21:54:04 | 002,006,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2011-12-28 21:53:58 | 000,039,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011-12-28 21:53:57 | 000,077,824 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2011-12-28 20:33:29 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2011-12-28 20:33:28 | 000,086,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011-12-28 20:33:27 | 000,745,472 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2011-12-28 20:33:27 | 000,348,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe -- (SSCService) SRV - [2011-12-28 20:33:24 | 002,014,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\sleventlogx.exe -- (SIMATIC Logon Event Logging) SRV - [2011-12-28 20:33:23 | 001,311,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\SimaticLogon\sldm_x.exe -- (SIMATIC Logon Device Manager) SRV - [2011-12-28 20:33:22 | 001,572,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx) SRV - [2011-12-28 20:33:22 | 000,237,568 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX) SRV - [2011-12-28 20:33:21 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe -- (s7asysvx) SRV - [2011-12-28 20:33:18 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011-12-28 20:33:15 | 000,106,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2011-12-28 20:33:13 | 000,864,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2011-12-28 20:32:44 | 000,204,288 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Siemens\SimaticLogon\slra_servicex.exe -- (SlraService) SRV - [2011-12-28 20:32:43 | 000,154,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe -- (SCSMonitor) SRV - [2011-12-28 20:19:25 | 000,231,424 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe -- (CCEServer) SRV - [2011-12-28 20:08:37 | 000,347,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\CCAgent.exe -- (CCAgent) SRV - [2011-12-28 20:08:25 | 001,990,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2011-12-28 20:06:47 | 000,339,968 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2011-12-28 20:06:44 | 000,217,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2011-12-28 20:06:43 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2011-12-28 20:06:39 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011-12-28 20:06:37 | 002,059,776 | ---- | M] () [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2011-12-28 20:06:15 | 001,102,848 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe -- (almservice) SRV - [2011-08-31 23:26:34 | 000,666,624 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\WebNavigator\DataMonitor\bin\ReportScheduler.exe -- (ReportScheduler) SRV - [2011-08-31 22:06:22 | 001,401,344 | ---- | M] (SIEMENS AG) [Auto | Start_Pending] -- C:\Program Files\Siemens\WinCC\bin\CCProjectMgr.exe -- (CCProjectMgr) SRV - [2011-08-20 21:38:02 | 000,432,128 | ---- | M] (SIEMENS AG) [On_Demand | Running] -- C:\Program Files\Common Files\Siemens\BIN\CCLicenseService.exe -- (CCLicenseService) SRV - [2011-08-12 13:11:10 | 000,856,064 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\commonarchiving\CCRedundancyAgent.exe -- (CCRedundancyAgent-Service) SRV - [2011-08-12 13:09:24 | 000,098,304 | ---- | M] (SIEMENS AG) [Auto | Stopped] -- C:\Program Files\Common Files\Siemens\CommonArchiving\CCDBUtils.exe -- (CCDBUtils) SRV - [2011-08-12 13:08:54 | 000,733,184 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\commonarchiving\CCArchiveManager.exe -- (CCArchiveManagerService) SRV - [2011-07-28 23:38:12 | 000,254,464 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\bin\CCArchiveConnMon.exe -- (CCArchiveConnMon) SRV - [2011-07-28 22:54:44 | 000,304,128 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCSsmRTServer.exe -- (CCSsmRTServer) SRV - [2011-07-28 22:46:04 | 000,071,168 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCProfileServer.exe -- (CCProfileServer) SRV - [2011-07-28 22:44:14 | 000,360,960 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCAlgIAlarmDataCollector.exe -- (CCAlgIAlarmDataCollector) SRV - [2011-07-28 22:38:08 | 000,372,224 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTextServer.exe -- (CCTextServer) SRV - [2011-07-28 22:36:48 | 001,278,976 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCUsrAcv.exe -- (CCUsrAcv) SRV - [2011-07-28 22:22:58 | 000,448,512 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCPackageMgr.exe -- (CCPackageMgr) SRV - [2011-07-28 22:22:32 | 000,743,936 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCDeltaLoader.exe -- (CCDeltaLoader) SRV - [2011-07-28 22:21:58 | 000,280,576 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTMTimeSyncServer.exe -- (CCTMTimeSyncServer) SRV - [2011-07-28 22:21:08 | 000,645,120 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCNSInfo2Provider.exe -- (CCNSInfo2Provider) SRV - [2011-07-28 22:20:26 | 000,180,736 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCLBMRTServer.exe -- (CCLBMRTServer) SRV - [2011-07-28 22:20:08 | 000,424,448 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCCSigRTServer.exe -- (CCCSigRTServer) SRV - [2011-07-28 22:19:26 | 000,316,416 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCPtmRTServer.exe -- (CCPtmRTServer) SRV - [2011-06-30 12:32:22 | 000,201,728 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe -- (RedundancyState) SRV - [2011-06-30 12:32:14 | 000,472,576 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe -- (RedundancyControl) SRV - [2011-06-30 12:18:14 | 000,250,880 | ---- | M] (SIEMENS AG) [On_Demand | Running] -- C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe -- (CCEClient) SRV - [2011-05-13 15:17:34 | 000,660,480 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\BIN\CCPerfMon.exe -- (CCPerfMon) SRV - [2011-04-30 02:18:10 | 000,098,816 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CcAlgRtServer.exe -- (CCAlgRtServer) SRV - [2011-04-30 02:11:40 | 000,096,256 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCRtsLoader.exe -- (CCRtsLoader) SRV - [2011-04-30 02:09:00 | 000,069,120 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\bin\CCTlgServer.exe -- (CCTlgServer) SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010-08-16 16:55:30 | 000,323,072 | ---- | M] (SIEMENS AG) [Disabled | Stopped] -- C:\Program Files\Siemens\WinCC\OPC\HistDataAccess\bin\sopchdasrvrwincc.exe -- (OPCServerHDA.WinCC) SRV - [2010-08-16 16:53:36 | 000,173,568 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\CCRT2XML.exe -- (XR_CCOPC.XMLWrapper) SRV - [2010-08-16 16:53:12 | 000,331,776 | ---- | M] (SIEMENS AG) [Disabled | Stopped] -- C:\Program Files\Siemens\WinCC\OPC\DataAccess\bin\sopcsrvrwincc.exe -- (OPCServer.WinCC) SRV - [2010-08-16 16:52:34 | 000,326,656 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\WinCC\opc\XMLDataAccess\bin\DA2XML.exe -- (CCOPC.XMLWrapper) SRV - [2010-08-16 16:51:12 | 000,246,272 | ---- | M] (SIEMENS AG) [Disabled | Stopped] -- C:\Program Files\Siemens\WinCC\OPC\AlarmEvent\bin\sopcaesrvrwincc.exe -- (OPCServerAE.WinCC) SRV - [2009-10-27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-07-14 13:12:16 | 000,505,856 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7wnrmsx\s7wnrmsx.exe -- (SIMATIC NET RouteManager) SRV - [2009-07-14 13:03:26 | 001,050,624 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmsx.exe -- (StatMgr) SRV - [2009-06-29 20:56:16 | 001,777,664 | ---- | M] (SIEMENS AG) [On_Demand | Running] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binS7\scores7.exe -- (SIMATIC NET Core Server S7) SRV - [2009-06-29 20:46:14 | 000,626,768 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binpnio\scorepnio.exe -- (SIMATIC NET Core Server PROFINET IO) SRV - [2009-06-29 20:45:26 | 000,589,900 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binpd\scorepd.exe -- (SIMATIC NET Core Server PD) SRV - [2009-06-29 20:45:04 | 000,532,558 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bindp2\scoredp2.exe -- (SIMATIC NET Core Server DP2) SRV - [2009-06-29 20:44:42 | 000,720,976 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binsnmp\scoresnmp.exe -- (SIMATIC NET Core Server SNMP) SRV - [2009-06-29 20:43:00 | 000,643,148 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binPN\scorepn.exe -- (SIMATIC NET Core Server PROFINET CbA) SRV - [2009-06-29 20:42:14 | 000,704,588 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binDP\scoredp.exe -- (SIMATIC NET Core Server DP) SRV - [2009-06-29 20:41:48 | 000,602,190 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binFDL\scorefdl.exe -- (SIMATIC NET Core Server FDL) SRV - [2009-06-29 20:40:00 | 000,688,204 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binSR\scoresr.exe -- (SIMATIC NET Core Server SR) SRV - [2009-06-29 20:39:34 | 000,626,766 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binFMS\scorefms.exe -- (SIMATIC NET Core Server FMS) SRV - [2009-06-29 20:35:52 | 001,200,206 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\sservcfg.exe -- (SIMATIC NET Configuration Service) SRV - [2009-06-29 20:33:16 | 000,389,198 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\scorecfg.exe -- (SIMATIC NET Configuration Server) SRV - [2009-06-29 19:40:56 | 000,746,496 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\simnetpnpman.exe -- (SIMATIC NET P&P Manager) SRV - [2009-06-29 18:57:04 | 000,135,232 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\SimNetCom\sim9sync.exe -- (sim9sync) SRV - [2009-02-05 02:04:08 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum) SRV - [2008-07-14 23:43:10 | 000,024,576 | ---- | M] (OPC Foundation) [Auto | Running] -- C:\Program Files\Common Files\OPC Foundation\UA\v1.0\Bin\Opc.Ua.DiscoveryServer.exe -- (UA Local Discovery Server) SRV - [2008-04-25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transport Protocol (SMTP) SRV - [2008-04-15 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2005-10-06 17:46:38 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) [color=#E56717]========== Driver Services (SafeList) ==========[/color]

Dodano Dzisiaj, 11:05:
OTL par2:

Kod: Zaznacz wszystko: DRV - [2011-11-11 15:24:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2011-04-20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2011-03-10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010-10-08 15:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010-10-08 15:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010-10-08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010-10-08 15:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010-10-08 15:57:54 | 000,031,888 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2010-06-22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010-06-07 08:44:26 | 000,508,416 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\s7otranx.sys -- (s7otranx) DRV - [2010-06-07 08:43:06 | 000,134,144 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S7osobux.sys -- (S7osobux) DRV - [2010-06-07 08:42:40 | 000,173,568 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\s7osmcax.sys -- (s7osmcax) DRV - [2010-06-07 08:40:34 | 000,031,744 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7opcsrtx.sys -- (S7opcsrtx) PROFINET IO RT-Protocol (LLDP) DRV - [2010-06-07 08:39:06 | 000,077,312 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\S7odpx2x.sys -- (s7odpx2x) DRV - [2010-04-08 10:15:56 | 000,012,112 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\fwkbdrtm.sys -- (fwkbdrtm) DRV - [2010-03-18 17:57:18 | 000,024,576 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oupc2x.sys -- (s7oupc2x) DRV - [2010-01-24 14:53:02 | 000,336,128 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO) DRV - [2010-01-09 17:21:58 | 000,028,331 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dpmtrcdd.sys -- (Dpmtrcdd) DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009-10-22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009-10-22 16:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2009-10-06 10:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009-10-06 10:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-10-06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-10-06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-10-06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009-10-06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-06-29 21:00:38 | 000,050,816 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dpmcslv.sys -- (dpmcslv) DRV - [2009-06-29 19:41:14 | 000,024,064 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7sn2srtx.sys -- (s7sn2srtx) DRV - [2009-06-10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009-05-28 20:30:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2009-03-04 09:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009-02-24 18:39:58 | 000,073,088 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7snsrtx.sys -- (s7snsrtx) DRV - [2009-02-16 02:32:32 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2009-02-16 02:32:32 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2009-02-16 02:32:32 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2009-02-16 02:32:32 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2009-02-16 02:32:30 | 000,991,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2009-02-16 02:32:30 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009-02-06 04:39:02 | 000,809,984 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2009-01-28 16:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2009-01-28 16:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2008-11-25 16:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008-09-24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-19 05:57:20 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-08-13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008-05-12 19:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2008-05-08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST) DRV - [2008-04-15 13:00:00 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC) DRV - [2008-04-09 11:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2008-04-09 11:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2008-04-09 11:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2008-03-26 05:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm) DRV - [2008-03-26 05:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008-03-17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-03-07 11:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008-02-27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt) DRV - [2008-02-22 14:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2008-02-15 10:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-11-29 09:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-07-30 03:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-07-30 02:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007-06-18 15:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2007-06-18 15:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007-06-18 15:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007-06-18 15:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007-06-18 15:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007-06-18 15:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007-06-18 15:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007-06-18 15:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007-02-08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007-02-08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005-09-28 16:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005-08-15 11:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv) DRV - [2005-08-15 11:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv) DRV - [2005-06-23 09:04:50 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser) DRV - [2005-06-23 09:04:50 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) FXA195 USB HART Modem device driver (WDM) DRV - [2004-11-30 08:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2002-11-13 09:40:28 | 000,002,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\FwKbd.sys -- (fwkbd) DRV - [2002-10-18 01:34:14 | 000,030,512 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s7oefs_x.sys -- (s7oefs_x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033 IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo PO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.1.0 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@vizlight.pl/deLight3D,version=1.4: C:\Program Files\deLight3D\npdelight3d.dll (vizLight) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-02-25 20:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011-12-29 14:54:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-12-29 14:54:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-12-29 23:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-21 21:45:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-02-25 20:24:31 | 000,000,000 | ---D | M] [2010-10-15 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Extensions [2010-10-15 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2012-01-02 08:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions [2010-09-22 19:45:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-31 13:58:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\nx0qtg4u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-01-02 08:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-09-01 20:31:38 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-03 07:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2010-11-02 09:58:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012-01-01 22:10:41 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2010-09-20 10:12:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-12-29 14:54:48 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011-04-14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-09-14 22:29:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-09-14 22:29:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-09-14 22:29:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-09-14 22:29:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-09-14 22:29:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-09-14 22:29:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-01-01 13:52:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [CCUCSurrogate.exe] C:\Program Files\Siemens\WinCC\bin\CCUCSurrogate.exe (SIEMENS AG) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [S7UB Start] C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG) O4 - HKLM..\Run: [simpcmon] C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\_simpcmon.exe (SIEMENS AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Stationmanager] C:\Program Files\Common Files\Siemens\S7wnsmsx\s7wnsmgx.exe (Siemens AG) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [WinCC flexible Smart Start] C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe (SIEMENS AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C68985A-DBCA-4107-9F12-32E5162DCCC5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (ALMXPMGR.EXE) -C:\WINDOWS\System32\AlmXpmgr.exe (SIEMENS AG) O20 - HKLM Winlogon: GinaDLL - (almxgina.dll) -C:\WINDOWS\System32\AlmXGina.dll (SIEMENS AG) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2008-08-11 12:21:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-10 16:55:40 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-01-03 10:34:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012-01-02 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\RegCompact.NET [2012-01-02 14:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\RegCompact.NET [2012-01-02 14:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\PriceGong [2012-01-02 14:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\Free Registry Cleaner [2012-01-02 14:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner [2012-01-02 12:24:03 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL [2012-01-02 11:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\WINCC [2012-01-02 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OPC Foundation [2012-01-02 09:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2012-01-02 08:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft SQL Server 2005 [2012-01-01 22:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012-01-01 22:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\QuickStoresToolbar [2012-01-01 22:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012-01-01 21:20:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-01-01 12:12:05 | 000,081,920 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ImageDrive.cpl [2011-12-31 17:51:40 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011-12-31 17:16:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011-12-31 17:16:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011-12-31 17:16:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011-12-31 17:16:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011-12-31 17:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011-12-31 17:15:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-12-30 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\HiJackThis [2011-12-30 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-12-30 08:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\WinRAR [2011-12-29 20:56:03 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2011-12-29 20:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2011-12-29 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 2012 [2011-12-29 14:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\SQL Server Management Studio [2011-12-29 11:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2011-12-28 14:37:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\afa3a26e [2011-12-26 20:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Techland [2011-12-26 20:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Techland [2011-12-19 14:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\KalkulatorMB [2011-12-19 14:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\KalkulatorMB [2011-12-16 14:22:12 | 003,061,264 | ---- | C] (TeamViewer) -- C:\Documents and Settings\Piotr\Pulpit\TeamViewerQJ_pl-idm33235422.exe [2011-12-16 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TeamViewer 7 [2011-12-08 08:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Temp [2011-12-08 08:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Conduit [2011-12-07 08:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\.jenny [2011-02-01 10:58:26 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao350.dll [2010-09-20 09:59:51 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2010-09-20 09:59:48 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-01-03 10:40:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-01-03 10:38:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012-01-03 10:36:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-01-03 10:36:39 | 3214,962,688 | -HS- | M] () -- C:\hiberfil.sys [2012-01-03 07:08:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2012-01-02 14:42:40 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\RegCompact.NET.lnk [2012-01-02 14:04:42 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Eusing Free Registry Cleaner.lnk [2012-01-02 13:41:35 | 000,002,015 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2012-01-02 13:38:32 | 000,073,796 | ---- | M] () -- C:\WINDOWS\citamis.str [2012-01-02 13:30:24 | 000,001,156 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\WebConfigurator.lnk [2012-01-02 12:16:18 | 000,637,776 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-01-02 12:16:18 | 000,575,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-01-02 12:16:18 | 000,143,884 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-01-02 12:16:18 | 000,123,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-01-02 11:46:48 | 000,457,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-01-02 11:27:40 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SIMATIC WinCC Explorer.lnk [2012-01-02 11:26:41 | 000,008,824 | ---- | M] () -- C:\ReturnedFeatures.xml [2012-01-02 11:02:54 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Station Configurator.lnk [2012-01-01 22:30:58 | 008,820,054 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\sql error.bmp [2012-01-01 22:10:41 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\QuickStores.url [2012-01-01 13:52:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011-12-31 20:11:39 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Piotr\default.pls [2011-12-31 20:11:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-12-31 17:51:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011-12-30 22:39:02 | 000,475,418 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Silent Runners.vbs [2011-12-30 22:30:22 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\HiJackThis.lnk [2011-12-30 15:54:27 | 005,496,991 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\db_dok.zip [2011-12-29 22:20:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-12-29 20:56:03 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2011-12-29 12:58:56 | 004,424,166 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\emaxplus.bmp [2011-12-28 22:46:39 | 000,015,421 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongZwykla.xml [2011-12-28 22:29:45 | 003,363,180 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Poradnik_Murowanie_z_YTONGa_10-2011.pdf [2011-12-28 21:38:33 | 000,020,557 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongEnergo.xml [2011-12-26 20:27:19 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Socrates 102.lnk [2011-12-23 14:56:02 | 000,001,338 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2011-12-23 14:55:22 | 000,195,977 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\GORGINA.plc [2011-12-23 08:23:09 | 000,000,164 | ---- | M] () -- C:\WINDOWS\Simatic.cfg [2011-12-21 14:47:29 | 000,008,585 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\flaga_EN.gif [2011-12-21 14:36:59 | 000,013,640 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Flaga_Gruzja.jpg [2011-12-21 14:26:11 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Flag_of_Georgia.svg [2011-12-20 10:41:13 | 000,005,709 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\YtongProjekt.xml [2011-12-19 21:06:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Y!Y! [2011-12-19 20:53:26 | 000,048,377 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Wniosek_o_zamkniecie_konta_Inteligo.pdf [2011-12-19 15:16:10 | 000,158,929 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\georgina_cip.plc [2011-12-16 14:22:15 | 003,061,264 | ---- | M] (TeamViewer) -- C:\Documents and Settings\Piotr\Pulpit\TeamViewerQJ_pl-idm33235422.exe [2011-12-14 10:55:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-12-14 09:17:07 | 000,886,764 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\odp___Rzuty_dachu.zip [2011-12-12 12:34:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\spider.sav [2011-12-06 11:41:00 | 000,503,034 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół odbioru dot. RE-51-11.pdf [2011-12-06 11:41:00 | 000,487,325 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół przekazania dokumnetacji technicznej dot. RE-51-11.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-01-02 14:42:40 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\RegCompact.NET.lnk [2012-01-02 14:04:42 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Eusing Free Registry Cleaner.lnk [2012-01-02 12:08:38 | 000,001,156 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\WebConfigurator.lnk [2012-01-02 11:27:40 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SIMATIC WinCC Explorer.lnk [2012-01-02 11:26:41 | 000,008,824 | ---- | C] () -- C:\ReturnedFeatures.xml [2012-01-02 11:02:54 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Station Configurator.lnk [2012-01-01 22:30:57 | 008,820,054 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\sql error.bmp [2012-01-01 22:10:41 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\QuickStores.url [2011-12-31 17:51:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011-12-31 17:51:55 | 000,262,400 | RHS- | C] () -- C:\cmldr [2011-12-31 17:16:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011-12-31 17:16:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011-12-31 17:16:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011-12-31 17:16:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011-12-31 17:16:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011-12-30 22:38:54 | 000,475,418 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Silent Runners.vbs [2011-12-30 22:30:22 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\HiJackThis.lnk [2011-12-30 15:54:23 | 005,496,991 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\db_dok.zip [2011-12-29 22:30:51 | 3214,962,688 | -HS- | C] () -- C:\hiberfil.sys [2011-12-29 12:58:56 | 004,424,166 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\emaxplus.bmp [2011-12-28 22:46:39 | 000,015,421 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongZwykla.xml [2011-12-28 22:29:44 | 003,363,180 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Poradnik_Murowanie_z_YTONGa_10-2011.pdf [2011-12-28 21:38:05 | 000,020,557 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongEnergo.xml [2011-12-26 20:27:19 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Socrates 102.lnk [2011-12-21 14:47:29 | 000,008,585 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\flaga_EN.gif [2011-12-21 14:28:16 | 000,013,640 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Flaga_Gruzja.jpg [2011-12-21 14:26:11 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Flag_of_Georgia.svg [2011-12-20 10:41:13 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\YtongProjekt.xml [2011-12-19 20:53:26 | 000,048,377 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Wniosek_o_zamkniecie_konta_Inteligo.pdf [2011-12-14 09:20:23 | 000,886,764 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\odp___Rzuty_dachu.zip [2011-12-13 16:03:39 | 000,158,929 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\georgina_cip.plc [2011-12-11 12:19:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Y!Y! [2011-12-07 16:02:31 | 000,195,977 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\GORGINA.plc [2011-12-06 11:41:00 | 000,503,034 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół odbioru dot. RE-51-11.pdf [2011-12-06 11:41:00 | 000,487,325 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Protokół przekazania dokumnetacji technicznej dot. RE-51-11.pdf [2011-11-30 16:52:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Lvdbed.INI [2011-11-30 13:42:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2011-07-18 14:37:19 | 000,531,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-04-11 15:28:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LBMCS.INI [2011-04-08 17:13:22 | 000,000,152 | ---- | C] () -- C:\WINDOWS\PTMCS.INI [2011-04-04 09:14:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011-03-17 08:15:03 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2011-02-25 20:20:57 | 000,175,070 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2011-02-25 20:20:57 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2011-02-25 12:13:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011-02-15 07:10:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-02-01 11:19:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FwSim.INI [2011-02-01 11:16:01 | 000,104,633 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwDH485.sys [2011-02-01 11:16:01 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwKbd.sys [2011-02-01 11:16:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\fwkbd.exe [2011-02-01 11:08:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\ptuninst.exe [2011-02-01 11:02:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ptuninst.exe [2011-01-30 10:13:05 | 000,177,494 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2011-01-30 10:13:05 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2011-01-04 10:47:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011-01-04 08:29:21 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2010-12-03 13:30:06 | 000,604,912 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\wanancsp.dat [2010-11-10 21:19:28 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-02 09:58:31 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2010-11-02 09:58:31 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2010-09-29 21:19:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-09-29 06:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\rptrt.INI [2010-09-22 15:28:55 | 000,001,338 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-09-22 13:06:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VOLOV EReg.ini [2010-09-22 08:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010-09-21 07:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PDLSERV.INI [2010-09-21 06:19:52 | 000,023,152 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2010-09-21 06:19:52 | 000,001,092 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2010-09-21 06:19:35 | 000,058,750 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2010-09-21 06:19:35 | 000,014,972 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2010-09-21 06:19:34 | 000,018,031 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2010-09-20 18:46:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe [2010-09-20 14:23:31 | 000,002,015 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2010-09-20 12:15:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-09-20 10:23:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010-09-20 10:17:11 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2010-09-20 10:16:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010-09-20 10:16:07 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010-09-20 10:16:03 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2010-09-20 10:11:58 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010-09-20 10:11:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010-09-20 10:09:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2010-09-20 10:09:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2010-09-20 10:09:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2010-09-20 10:09:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2010-09-20 10:09:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2010-09-20 10:09:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2010-09-20 10:04:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010-09-20 10:00:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2010-09-20 10:00:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010-09-20 10:00:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010-09-20 10:00:54 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2010-09-20 10:00:54 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010-09-20 10:00:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe [2010-09-20 09:59:51 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2010-09-20 09:59:51 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2010-09-20 09:59:51 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2010-09-20 09:56:00 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config [2010-05-19 19:33:38 | 000,626,636 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw_5711.bin [2010-04-08 10:21:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\s7200L2.dll [2010-03-08 20:17:34 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\sn_regbase.dll [2009-11-19 14:27:34 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ep5711k.dll [2009-11-19 14:27:26 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ep5711j.dll [2009-09-09 19:01:40 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009-06-29 20:28:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sitdatisps.dll [2009-06-29 19:07:04 | 000,539,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw_5623.bin [2009-05-17 20:31:54 | 000,533,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw_5613a2.bin [2009-05-17 20:27:48 | 000,425,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\fw_5613.bin [2009-02-09 16:48:24 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008-12-15 10:11:14 | 000,979,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga5711.bin [2008-08-11 22:48:15 | 000,002,035 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008-08-11 22:10:42 | 000,637,776 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2008-08-11 22:10:42 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2008-08-11 22:10:42 | 000,143,884 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2008-08-11 22:10:42 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2008-08-11 22:10:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008-08-11 22:10:35 | 000,575,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008-08-11 22:10:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008-08-11 22:10:35 | 000,123,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008-08-11 22:10:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008-08-11 22:10:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008-08-11 22:10:34 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008-08-11 22:10:34 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008-08-11 22:10:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008-08-11 22:10:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008-08-11 22:10:29 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008-08-11 22:10:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008-08-11 14:15:46 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-08-11 14:15:11 | 000,457,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008-08-11 12:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008-08-11 12:19:44 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005-12-21 16:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2005-12-21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005-12-21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll [2005-06-10 07:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll [2002-11-25 11:01:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2002-09-02 14:52:44 | 000,000,268 | ---- | C] () -- C:\WINDOWS\System32\s7sntfsx.ini [2002-06-24 17:44:10 | 003,026,989 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL [2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001-09-13 08:00:06 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\PASSCS.INI [1999-11-08 14:55:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\S7oformx.dll [1999-11-08 14:55:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\s7oformx.exe [1999-07-16 13:37:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\TDCTRL.dll [1996-12-19 14:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL [1996-12-19 14:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL < End of report >

**Posty:** 18165 · przez **wojtas** 03 Sty 2012, 19:33

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo PO Customized Web Search"
IE - HKU\S-1-5-21-1385138727-707899946-2752374668-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2481033
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2481033&SearchSource=2&q="
[2012-01-02 14:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\PriceGong
[2012-01-01 22:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Dane aplikacji\QuickStoresToolbar
[2012-01-01 21:20:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011-12-28 14:37:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\afa3a26e
[2012-01-03 10:38:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Na klawiaturze znajdź przycisk z flagą Windows oraz R ( naciśnij oba) wyskoczy okienko, w którym wklej:

"c:\documents and settings\Piotr\Moje dokumenty\Pobieranie\ComboFix.exe" /uninstall

i zatwierdź

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Java™ 6
>>> Mozilla Firefox

napisz jak sytuacja z komputerem

Kto jest na forum