SystemLook 30.07.11 by jpshortstuff Log created at 21:43 on 15/01/2013 by Administrator Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"= 0x0000278d00 (2592000) "EnableMCA"= 0x0000000001 (1) "EnableMCE"= 0x0000000000 (0) "ExcludeFromKnownDlls"=" " "GlobalFlag"= 0x0000000000 (0) "HeapDeCommitFreeBlockThreshold"= 0x0000000000 (0) "HeapDeCommitTotalFreeThreshold"= 0x0000000000 (0) "HeapSegmentCommit"= 0x0000000000 (0) "HeapSegmentReserve"= 0x0000000000 (0) "ObjectDirectories"="\Windows \RPC Control" "ProtectionMode"= 0x0000000001 (1) "ResourceTimeoutCount"= 0x000009e340 (648000) "ProcessorControl"= 0x0000000002 (2) "RegisteredProcessors"= 0x0000000002 (2) "LicensedProcessors"= 0x0000000002 (2) "BootExecute"="" "PendingFileRenameOperations"="\??\C:\Documents and Settings\All Users\Dane aplikacji\AVG\AWL2012 \??\D:\_OTL\MovedFiles\01152013_212621\C_Documents and Settings\All Users\Dane aplikacji\AVG\AWL2012 \??\C:\Documents and Settings\All Users\Dane aplikacji\AVG\AWL2012 \??\D:\_OTL\MovedFiles\01152013_212621\C_Documents and Settings\All Users\Dane aplikacji\AVG\AWL2012 \??\C:\Documents and Settings\All Users\Dane aplikacji\AVG \??\D:\_OTL\MovedFiles\01152013_212621\C_Documents and Settings\All Users\Dane aplikacji\AVG" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppPatches] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA] ========== filefind ========== Searching for "autochk.exe" C:\cmdcons\autochk.exe --a---- 610304 bytes [16:54 10/01/2013] [20:51 14/04/2008] 4C51FACD394B6E4E3C3B745BDFBE2E33 C:\WINDOWS\ServicePackFiles\i386\autochk.exe ------- 610304 bytes [22:44 03/08/2004] [20:51 14/04/2008] 4C51FACD394B6E4E3C3B745BDFBE2E33 C:\WINDOWS\system32\autochk.exe --a---- 610304 bytes [16:50 26/10/2001] [20:51 14/04/2008] 4C51FACD394B6E4E3C3B745BDFBE2E33 -= EOF =-