_milan_ utworzono 17 września 2010 utworzono 17 września 2010 Witam, forum bardzomi pomogło z wyborem komputera, mam nadzieję że i pomożecie mi w sprawie tego problemu sprzet: http://www.morele.net/inventory/info/QOYyZK/ od około tygodnia mam problem z systemem, w pewnym momencie łapie freeza i nie pomaga zadne wicskanie klawiszy ani czekanie ( no, czekałem raz 10 minut), zostaje jedynie reset. Po resecie bios pyta sie jak uruchomic windows, a sam system nie informuje mnie o zadnym błędzie, poza komentarzem w podglądzie zdarzeń ze został nagle zzamkniety. Raz mi się stanął jak był wlączony bestplayer, raz jak włączałem bitcometa, pare razy podczas przegladania mozilli, raz podczas skanowania mks skanerem, ogólnie losowo. Wspomniany mks wykrył jakis plik heur.w32, a pozniej sie zaciął. Avast nic takiego nie znalazł, podobnie spybot i ad aware, teraz wywalilem avasta i zainstalowalem Microsoft essential. też nic nie wykrył. zdefragmentowałem dyski, wszystkie sa na 0%, wczenisej jeden był na 3%, wiec nawet nie było potrzeby. Pozdrawiam i z góry dziekuje za pomoc.
_milan_ komentarz 17 września 2010 Autor komentarz 17 września 2010 całośc logów? Pierwszy raz cos takiego robie, nie ma tam zadnych informacji które nie powinny byc pokazywane publicznie?
Tomek01 komentarz 17 września 2010 komentarz 17 września 2010 Jeśli masz coś do ukrycia Logi pokazują wszystkie aplikacje zainstalowane w Twoim systemie. Jeśli masz pirackie oprogramowanie to możesz sobie darować. Piratom nie pomagamy Nie zobaczę na pewno żadnych haseł czy zaszyfrowanych oraz ukrytych plików i folderów. To jest jedyny sposób bym wykluczył lub potwierdził infekcję. Bez obaw.
_milan_ komentarz 17 września 2010 Autor komentarz 17 września 2010 (edytowane) ok, spo juz wrzucam OTL extras [log]OTL Extras logfile created on: 2010-09-17 21:43:34 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,66 Gb Total Space | 21,41 Gb Free Space | 32,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 100,00 Gb Total Space | 55,34 Gb Free Space | 55,34% Space Free | Partition Type: NTFS Drive N: | 300,00 Gb Total Space | 215,09 Gb Free Space | 71,70% Space Free | Partition Type: NTFS Computer Name: ROBERT-KOMPUTER Current User Name: Robert Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .scr[@ = MicroStation Resource] -- Reg Error: Key error. File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .scr [@ = MicroStation Resource] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C2F83D3-3F75-4920-8E23-23A9FBADB35D}" = Microsoft Antimalware Service PL-PL Language Pack "{4483BEAE-D979-237E-EAA8-43F5E5A69B4A}" = ATI AVIVO64 Codecs "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007 "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D483C640-09C0-CA54-007D-20BE9FA99C72}" = ccc-utility64 "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F4EAF98E-197C-E203-FB2C-9FCAB5337473}" = ATI Catalyst Install Manager "CanonMyPrinter" = Canon My Printer "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft Security Essentials" = Microsoft Security Essentials "WinRAR archiver" = Archiwizator WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07B96515-9EF9-12B5-8A9A-B409E967BDBB}" = Catalyst Control Center Graphics Previews Vista "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{19FCAF1A-AD28-C086-B5A6-8E7A6DAB9B7B}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding "{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{257C7A78-535E-1450-C720-AE353876C816}" = Catalyst Control Center InstallProxy "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31DBA23B-55DA-48F5-B5B4-A031B722F648}" = MagicRotation "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{45CAC750-E555-6DE3-078F-C9A4C2DF8A3E}" = Catalyst Control Center Graphics Light "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-8000-0415-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2010 - Polski "{5783F2D7-8000-0415-1002-0060B0CE6BBA}" = Pakiet językowy AutoCAD Civil 3D 2010 – język polski "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74DEA59C-41C7-1B77-291F-43108DFBAB14}" = Catalyst Control Center Core Implementation "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88E4B682-219A-2656-44E1-18DF1F57EAE1}" = Catalyst Control Center Graphics Full Existing "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C5C2D4E-5027-AC93-0531-B72C5625A0DD}" = CCC Help English "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core "{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications (R) Core - English "{95B4269C-7ED9-2E32-0E3D-3F446B495540}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1463F00-4E89-402E-7DD3-3CF0CE98F1FA}" = Catalyst Control Center Graphics Previews Common "{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision "{CF097717-F174-4144-954A-FBC4BF301045}" = Nero 7 Premium "{D4D9965A-A5F8-6CF6-33E7-A1EECC2E585B}" = Catalyst Control Center HydraVision Full "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14 "{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}" = AMD OverDrive "{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center "{EE01A751-1DB9-43F1-8747-F81E7477BFDA}" = Bentley MicroStation PowerDraft XM Edition 08.09.04.51 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLConventer 1.1 + skin s5620" = ALLConventer 1.1 + skin s5620 "AutoCAD Civil 3D 2010 - Polski" = AutoCAD Civil 3D 2010 - Polski "Autodesk Design Review 2010" = Autodesk Design Review 2010 "BitComet" = BitComet 1.22 "CANONIJPLM100" = PIXMA Extended Survey Program "CanonSolutionMenu" = Canon Utilities Solution Menu "CDisplay_is1" = CDisplay 1.8 "Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "foobar2000" = foobar2000 v1.1 "Foxit Reader" = Foxit Reader "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "OverclockingCenter_is1" = OverclockingCenter "Rejestracja użytkownika drukarki Canon MP220 series" = Rejestracja użytkownika drukarki Canon MP220 series "Revo Uninstaller" = Revo Uninstaller 1.89 "SkanerOnline" = Skaner on-line mks_vir "Tlen.pl" = Tlen.pl [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-09-04 06:39:56 | Computer Name = Robert-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: draft.exe, wersja: 8.9.4.51, sygnatura czasowa: 0x468a8747 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b29c Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e1fe Identyfikator procesu powodującego błąd: 0xf34 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb4c08d868dd94 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Bentley\PowerDraft\draft.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: c1f992b0-b810-11df-8b88-4061868ec124 Error - 2010-09-04 08:38:57 | Computer Name = Robert-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Dolphin.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4bc3beff Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x0000000000051c30 Identyfikator procesu powodującego błąd: 0x714 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb4c2d1a301516 Ścieżka aplikacji powodującej błąd: N:\Gry\GAMECUBE\dolphin-2.0.win64\Dolphin.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 623d8550-b821-11df-8b88-4061868ec124 Error - 2010-09-04 15:53:52 | Computer Name = Robert-Komputer | Source = Application Hang | ID = 1002 Description = Program acad.exe w wersji 24.0.55.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: dd4 Godzina rozpoczęcia: 01cb4c6ab74d41d0 Godzina zakończenia: 11 Ścieżka aplikacji: C:\Program Files (x86)\AutoCAD Civil 3D 2010\acad.exe Identyfikator raportu: 0b70ec10-b85e-11df-a88f-4061868ec124 Error - 2010-09-05 13:00:04 | Computer Name = Robert-Komputer | Source = Windows Backup | ID = 4103 Description = Error - 2010-09-10 12:01:20 | Computer Name = Robert-Komputer | Source = Windows Search Service | ID = 3007 Description = Error - 2010-09-12 05:37:14 | Computer Name = Robert-Komputer | Source = Application Hang | ID = 1002 Description = Program nero.exe w wersji 7.10.1.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 844 Godzina rozpoczęcia: 01cb525ddac4e6b7 Godzina zakończenia: 9 Ścieżka aplikacji: C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe Identyfikator raportu: 280f623b-be51-11df-98b0-4061868ec124 Error - 2010-09-15 15:44:59 | Computer Name = Robert-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x4145efeb Nazwa modułu powodującego błąd: engine.dll_unloaded, wersja: 0.0.0.0, sygnatura czasowa: 0x4187fc99 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x20162170 Identyfikator procesu powodującego błąd: 0xf70 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb5507ea7fd08c Ścieżka aplikacji powodującej błąd: C:\Half-Life 2\Half-Life 2\hl2.exe Ścieżka modułu powodującego błąd: engine.dll Identyfikator raportu: b8be0016-c101-11df-bb98-4061868ec124 Error - 2010-09-16 18:52:04 | Computer Name = Robert-Komputer | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2010-09-17 13:11:12 | Computer Name = Robert-Komputer | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2010-09-17 14:45:34 | Computer Name = Robert-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.1.7600.16450, sygnatura czasowa: 0x4aebab8d Nazwa modułu powodującego błąd: DUI70.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdf25 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000030064 Identyfikator procesu powodującego błąd: 0x580 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb569826769c41 Ścieżka aplikacji powodującej błąd: C:\Windows\Explorer.EXE Ścieżka modułu powodującego błąd: C:\Windows\system32\DUI70.dll Identyfikator raportu: c0df95f5-c28b-11df-8aeb-4061868ec124 [ System Events ] Error - 2010-09-11 14:32:50 | Computer Name = Robert-Komputer | Source = Microsoft-Windows-WHEA-Logger | ID = 20 Description = Wystąpił krytyczny błąd sprzętowy. Składnik: mostek północny firmy AMD Źródło błędu: 3 Typ błędu: 11 Identyfikator procesora: 0 Widok szczegółów tego wpisu zawiera dodatkowe informacje. Error - 2010-09-13 10:23:53 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 16:15:20 na ?2010-?09-?13 było nieoczekiwane. Error - 2010-09-16 13:42:22 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 19:40:24 na ?2010-?09-?16 było nieoczekiwane. Error - 2010-09-16 14:54:03 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:51:18 na ?2010-?09-?16 było nieoczekiwane. Error - 2010-09-16 16:48:35 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 22:46:56 na ?2010-?09-?16 było nieoczekiwane. Error - 2010-09-16 17:23:11 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 23:21:30 na ?2010-?09-?16 było nieoczekiwane. Error - 2010-09-16 18:34:11 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 00:32:06 na ?2010-?09-?17 było nieoczekiwane. Error - 2010-09-16 18:52:04 | Computer Name = Robert-Komputer | Source = Service Control Manager | ID = 7030 Description = Usługa Lavasoft Ad-Aware Service jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error - 2010-09-17 13:11:12 | Computer Name = Robert-Komputer | Source = Service Control Manager | ID = 7031 Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-09-17 14:20:56 | Computer Name = Robert-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:19:16 na ?2010-?09-?17 było nieoczekiwane. < End of report > [/log] otl [log]OTL logfile created on: 2010-09-17 21:43:34 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,66 Gb Total Space | 21,41 Gb Free Space | 32,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 100,00 Gb Total Space | 55,34 Gb Free Space | 55,34% Space Free | Partition Type: NTFS Drive N: | 300,00 Gb Total Space | 215,09 Gb Free Space | 71,70% Space Free | Partition Type: NTFS Computer Name: ROBERT-KOMPUTER Current User Name: Robert Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe PRC - [2010-09-17 00:54:43 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-09-09 04:00:26 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010-09-09 04:00:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files (x86)\Tlen.pl\tlen.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe MOD - [2009-07-14 03:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll MOD - [2009-07-14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-07-14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-03-25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,117,584 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc) SRV:[b]64bit:[/b] - [2009-11-04 17:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-08-29 02:32:13 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-08-25 18:38:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-10-25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:[b]64bit:[/b] - [2010-07-09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:[b]64bit:[/b] - [2010-06-30 21:23:16 | 000,061,952 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:[b]64bit:[/b] - [2009-12-22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:[b]64bit:[/b] - [2009-11-24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-11-04 18:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-09-30 04:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:[b]64bit:[/b] - [2009-09-17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2009-07-27 09:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2008-11-04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune) DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010-08-12 14:15:22 | 000,016,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009-12-22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009-12-22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009-10-22 03:49:14 | 000,021,048 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver) DRV - [2009-03-05 06:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J) DRV - [2008-12-27 04:21:10 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter) DRV - [2008-12-19 04:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-09 04:00:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-09 04:00:26 | 000,000,000 | ---D | M] [2010-08-25 00:34:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions [2010-09-17 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\7pcj8uok.default\extensions [2010-08-25 00:34:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-08-25 19:39:54 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe () O4:[b]64bit:[/b] - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKCU..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk = C:\Windows\SysWow64\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2010-09-17 21:29:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010-09-17 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010-09-17 00:54:47 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-09-17 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Sunbelt Software [2010-09-17 00:51:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010-09-16 23:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-09-14 06:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2010-09-12 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010-09-12 03:17:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\MotioninJoy_050002_amd64 [2010-09-12 02:00:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka10.09.10 praca [2010-09-11 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-11 21:59:34 | 001,093,632 | ---- | C] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-10 18:04:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010-09-10 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010-09-10 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2010-09-09 19:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010-09-06 18:10:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-09-05 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010-09-05 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C} [2010-09-05 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ClipboardManager [2010-09-05 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConventer Samsung Monte [2010-09-04 12:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2010-09-03 20:08:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Videos [2010-09-03 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\SelfMV [2010-09-03 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Samsung [2010-09-03 19:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010-09-03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:56:10 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdm.sys [2010-09-03 19:56:10 | 000,128,000 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bserd.sys [2010-09-03 19:56:10 | 000,127,488 | ---- | C] (MCCI) -- C:\Windows\SysNative\drivers\ss_bbus.sys [2010-09-03 19:56:10 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwhnt.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwh.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcmnt.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcm.sys [2010-09-03 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG [2010-09-03 19:55:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010-09-03 19:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-09-03 19:55:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-09-03 19:55:20 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe [2010-09-03 19:55:20 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys [2010-09-03 19:55:20 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys [2010-09-03 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010-09-03 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-09-03 19:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2010-09-03 19:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2010-09-03 19:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2010-09-03 19:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung [2010-09-01 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft Games [2010-09-01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2010-08-31 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2010-08-31 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Alcohol 120% [2010-08-31 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Easy CD-DA Extractor [2010-08-31 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Easy CD-DA Extractor 12 [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 12 [2010-08-29 12:09:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ElevatedDiagnostics [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-08-29 02:24:50 | 000,000,000 | ---D | C] -- C:\Half-Life 2 [2010-08-29 02:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-08-28 23:22:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Last.fm [2010-08-28 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Canon [2010-08-28 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka [2010-08-28 09:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay [2010-08-28 02:36:31 | 000,061,952 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [2010-08-28 02:36:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\MotioninJoy [2010-08-28 02:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy [2010-08-28 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps [2010-08-27 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Games [2010-08-27 22:03:55 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prey [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bentley Shared [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bentley [2010-08-26 00:57:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010-08-26 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mathsoft [2010-08-26 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Ahead [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-08-25 21:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2010-08-25 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010-08-25 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010-08-25 21:35:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010-08-25 21:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010-08-25 21:34:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010-08-25 21:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010-08-25 20:41:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Player Classic [2010-08-25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\robert 2 [2010-08-25 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Robert PRACA MGR [2010-08-25 20:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010-08-25 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010-08-25 20:17:35 | 000,000,000 | ---D | C] -- C:\ATI [2010-08-25 19:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2010-08-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010-08-25 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010-08-25 18:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010-08-25 18:42:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Autodesk [2010-08-25 18:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Projects [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Project Templates [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Autodesk [2010-08-25 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoCAD Civil 3D 2010 [2010-08-25 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2010-08-25 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2010-08-25 17:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2010-08-25 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations [2010-08-25 17:22:21 | 000,421,888 | ---- | C] (NVIDIA) -- C:\Windows\nvsulib.dll [2010-08-25 17:22:21 | 000,018,216 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclk64.sys [2010-08-25 17:22:21 | 000,006,912 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclock.sys [2010-08-25 17:22:20 | 001,622,016 | ---- | C] (NVIDIA) -- C:\Windows\NVBenchMarks.dll [2010-08-25 17:22:20 | 000,380,928 | ---- | C] (NVIDIA) -- C:\Windows\ntuneoem.dll [2010-08-25 17:22:20 | 000,045,056 | ---- | C] (NVIDIA) -- C:\Windows\NTuneGpu.dll [2010-08-25 17:22:20 | 000,028,672 | ---- | C] (NVIDIA) -- C:\Windows\AutoTuneScript.dll [2010-08-25 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI [2010-08-25 17:10:35 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2010-08-25 17:10:35 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll [2010-08-25 17:10:35 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2010-08-25 17:10:35 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2010-08-25 17:10:35 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll [2010-08-25 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2010-08-25 17:09:41 | 000,058,880 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2010-08-25 17:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2010-08-25 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010-08-25 17:04:36 | 000,121,872 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys [2010-08-25 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\skróty [2010-08-25 16:28:55 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-08-25 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010-08-25 04:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010-08-25 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010-08-25 03:41:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010-08-25 01:46:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Sony Corporation [2010-08-25 01:27:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-08-25 01:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathcad [2010-08-25 01:21:04 | 000,827,392 | R--- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash.ocx [2010-08-25 01:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEC [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\mpvthook.dll [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\mpvthook.dll [2010-08-25 01:19:33 | 000,014,848 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\drivers\magicpvt.sys [2010-08-25 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicRotation [2010-08-25 01:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010-08-25 01:18:11 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2010-08-25 01:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTune Premium [2010-08-25 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\InstallShield [2010-08-25 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Macromedia [2010-08-25 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Adobe [2010-08-25 00:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mozilla [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mozilla [2010-08-25 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010-08-25 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\AskToolbar [2010-08-25 00:31:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-25 00:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet [2010-08-25 00:29:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\WinRAR [2010-08-25 00:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tlen.pl [2010-08-25 00:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tlen.pl [2010-08-25 00:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPI-PROJEKT [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2010-08-25 00:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2010-08-25 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010-08-25 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-25 00:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000 [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-08-24 23:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010-08-24 23:20:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Help [2010-08-24 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010-08-24 23:07:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-08-24 23:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2010-08-24 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-08-24 22:59:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Ahead [2010-08-24 22:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2010-08-24 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Diagnostics [2010-08-24 19:01:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Games [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\ATI [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ATI [2010-08-24 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-08-24 18:56:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-08-24 18:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-08-24 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010-08-24 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-24 01:37:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-08-24 01:37:24 | 000,000,000 | -HSD | C] -- C:\Boot [2010-08-24 00:46:07 | 000,000,000 | R--D | C] -- C:\Users\Robert\Searches [2010-08-24 00:45:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Identities [2010-08-24 00:45:54 | 000,000,000 | R--D | C] -- C:\Users\Robert\Contacts [2010-08-24 00:45:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\VirtualStore [2010-08-24 00:45:45 | 000,000,000 | --SD | C] -- C:\Users\Robert\AppData\Roaming\Microsoft [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Videos [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Saved Games [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Pictures [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Music [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Links [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Favorites [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Downloads [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Documents [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Desktop [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Ustawienia lokalne [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Temporary Internet Files [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Szablony [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\SendTo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Recent [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\PrintHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\NetHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje wideo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje obrazy [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Moje dokumenty [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moja muzyka [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Menu Start [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Historia [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Cookies [2010-08-24 00:45:45 | 000,000,000 | -H-D | C] -- C:\Users\Robert\AppData [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Temp [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Center Programs [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-08-24 00:40:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-08-24 00:38:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-08-24 00:38:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2010-09-17 21:43:52 | 002,621,440 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 21:18:55 | 082,168,735 | ---- | M] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:42:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-09-17 20:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-09-17 20:42:52 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2010-09-17 20:42:14 | 004,809,982 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db [2010-09-17 20:14:33 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 00:51:48 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:30:58 | 036,217,292 | ---- | M] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-16 18:33:37 | 000,001,266 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk [2010-09-15 17:56:39 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-09-15 17:56:39 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-09-15 17:56:39 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-09-15 17:56:39 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-09-15 17:56:39 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-09-14 06:05:17 | 000,006,144 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-11 21:59:35 | 001,093,632 | ---- | M] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-08 16:13:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010-09-07 00:06:33 | 000,000,595 | ---- | M] () -- C:\Users\Robert\Documents\ax_files.xml [2010-09-05 02:42:11 | 000,007,605 | ---- | M] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-03 19:50:28 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | M] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | M] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | M] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | M] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | M] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | M] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:18 | 000,000,703 | ---- | M] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | M] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:45:55 | 000,000,652 | ---- | M] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 22:03:55 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 20:14:03 | 000,001,468 | ---- | M] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 15:59:57 | 000,501,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-08-26 01:57:14 | 000,001,233 | ---- | M] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | M] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-26 00:14:10 | 000,140,464 | ---- | M] () -- C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT [2010-08-25 22:06:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | M] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:53:45 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini [2010-08-25 18:38:15 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | M] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:54 | 000,000,673 | ---- | M] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 16:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | M] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:19:33 | 000,000,108 | ---- | M] () -- C:\Windows\SysNative\driver.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-24 23:07:38 | 000,001,000 | ---- | M] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 19:06:59 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 01:37:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-08-24 00:45:45 | 000,000,020 | -HS- | M] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-08-24 00:39:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-08-12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010-07-09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-06-30 21:23:16 | 000,061,952 | ---- | M] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-09-17 21:17:06 | 082,168,735 | ---- | C] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:14:33 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 17:53:11 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010-09-17 00:51:48 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:28:48 | 036,217,292 | ---- | C] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-16 18:33:37 | 000,001,266 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk [2010-09-14 06:08:51 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010-09-05 02:42:11 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-04 12:15:59 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010-09-03 20:07:42 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-03 19:50:28 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | C] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | C] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | C] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | C] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | C] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | C] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:06 | 000,000,703 | ---- | C] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 10:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Robert\Sti_Trace.log [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | C] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:46:03 | 000,000,652 | ---- | C] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 20:13:45 | 000,001,468 | ---- | C] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 01:57:14 | 000,001,233 | ---- | C] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | C] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-25 22:06:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | C] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:39:58 | 000,000,595 | ---- | C] () -- C:\Users\Robert\Documents\ax_files.xml [2010-08-25 18:38:15 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | C] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:42 | 000,000,673 | ---- | C] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 17:22:21 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2010-08-25 16:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | C] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:21:05 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2010-08-25 01:19:33 | 000,000,108 | ---- | C] () -- C:\Windows\SysNative\driver.dat [2010-08-25 01:19:33 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\magicpvt.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-25 00:14:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010-08-24 23:07:38 | 000,001,000 | ---- | C] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 01:37:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-08-24 01:37:24 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010-08-24 00:45:45 | 002,621,440 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 00:45:45 | 000,262,144 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG1 [2010-08-24 00:45:45 | 000,065,536 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 00:45:45 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:45:45 | 000,000,000 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG2 [2010-08-24 00:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-08-24 00:38:08 | 1609,965,568 | -HS- | C] () -- C:\hiberfil.sys [2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009-11-09 04:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2009-11-09 04:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2009-11-09 04:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2009-11-09 04:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-08-28 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-26 01:48:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-09-11 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-17 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-28 10:41:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canon [2010-09-17 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-24 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-25 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-08-28 02:36:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MotioninJoy [2010-09-03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-08-25 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2009-07-14 07:08:49 | 000,020,182 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] RSIT info [log]info.txt logfile of random's system information tool 1.08 2010-09-17 21:45:19 ======Uninstall list====== -->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {E9EA2604-8AC9-47D2-8F4B-6BF60787A357} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0415-1000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Ad-Aware-->"C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228} Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} ALLConventer 1.1 + skin s5620-->C:\Program Files (x86)\ALLConventer Samsung Monte\Uninstal.exe AMD OverDrive-->MsiExec.exe /X{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5} Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE} Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\SETUP.EXE" -runfromtemp -l0x0015 -removeonly ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E} AutoCAD Civil 3D 2010 - Polski-->C:\Program Files (x86)\AutoCAD Civil 3D 2010\Setup\Setup.exe /P {5783F2D7-8000-0415-0002-0060B0CE6BBA} /M ACAD /language pl-PL AutoCAD Civil 3D 2010 - Polski-->C:\Program Files (x86)\AutoCAD Civil 3D 2010\Setup\Setup.exe /P {5783F2D7-8000-0415-0002-0060B0CE6BBA} /M C3D /language pl-PL Autodesk Design Review 2010-->C:\Program Files (x86)\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR Bentley MicroStation PowerDraft XM Edition 08.09.04.51-->MsiExec.exe /I{EE01A751-1DB9-43F1-8747-F81E7477BFDA} BitComet 1.22-->C:\Program Files (x86)\BitComet\uninst.exe Canon MP Navigator EX 1.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 1.0\uninst.ini Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45} CDisplay 1.8-->"C:\Program Files (x86)\CDisplay\unins000.exe" Easy CD-DA Extractor 12-->"C:\Windows\Easy CD-DA Extractor 12\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml" foobar2000 v1.1-->"C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000 Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe Gears of War-->C:\Program Files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409 HydraVision-->MsiExec.exe /X{C6B29F03-4D97-3B4E-D906-70958E6B1448} IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\setup.exe" -runfromtemp -l0x0415 -removeonly Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47} K-Lite Codec Pack 6.0.4 (Basic)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" MagicRotation-->C:\Program Files (x86)\InstallShield Installation Information\{31DBA23B-55DA-48F5-B5B4-A031B722F648}\setup.exe -runfromtemp -l0x0009 -removeonly MagicTunePremium-->C:\Program Files (x86)\InstallShield Installation Information\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}\setup.exe -runfromtemp -l0x0015 -removeonly Mathcad 14 Help-->MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6} Mathcad 14 Resource Center-->MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC} Mathcad 14-->MsiExec.exe /I{E666A69B-A76D-43D5-AF28-4B2150A6EDE2} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual Basic Power Packs 3.0-->MsiExec.exe /I{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} NapiProjekt 1.0.6.9-->"C:\Program Files (x86)\NAPI-PROJEKT\unins000.exe" Natural Color Pro-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9 Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OverclockingCenter-->"C:\Program Files (x86)\MSI\OverclockingCenter\unins000.exe" PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8} PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R Prey-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly Rejestracja użytkownika drukarki Canon MP220 series-->C:\Program Files (x86)\Canon\IJEREG\MP220 series\UNINST.EXE Revo Uninstaller 1.89-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE} Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA} Skaner on-line mks_vir-->C:\Windows\system32\SkanerOnlineUninstall.exe Sony Picture Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Tlen.pl-->"C:\Program Files (x86)\Tlen.pl\uninstall.exe" Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8} VIA Platforma Menedżera urządzeń-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" ======Hosts File====== 127.0.0.1 serial.alcohol-soft.com 127.0.0.1 www.alcohol-soft.com 127.0.0.1 images.alcohol-soft.com 127.0.0.1 trial.alcohol-soft.com 127.0.0.1 alcohol-soft.com ======System event log====== Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Cryptographic Services weszła w stan stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20090714051424.262212-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Modules Installer weszła w stan stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20090714051424.168612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Software Protection weszła w stan stopped. Record Number: 3 Source Name: Service Control Manager Time Written: 20090714051424.059412-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Event Log weszła w stan stopped. Record Number: 2 Source Name: Service Control Manager Time Written: 20090714051424.012612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Volume Shadow Copy weszła w stan stopped. Record Number: 1 Source Name: Service Control Manager Time Written: 20090714051423.934612-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 900 Message: Usługa ochrony oprogramowania jest uruchamiana. Record Number: 5 Source Name: Microsoft-Windows-Security-SPP Time Written: 20100823224026.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20100823223851.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20100823223847.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100823223843.288893-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20100823223843.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223830.730871-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1c0 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223830.730871-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x3090a Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223824.147660-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223821.558055-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223821.402055-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=3 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0502 -----------------EOF----------------- [/log] log [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Robert at 2010-09-17 21:45:10 Microsoft Windows 7 Home Premium System drive C: has 22 GB (33%) free of 67 GB Total RAM: 2047 MB (37% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:45:17, on 2010-09-17 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Tlen.pl\tlen.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Robert\Desktop\OTL.exe C:\Users\Robert\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Robert.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe O4 - HKCU\..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Startup: StikyNot.exe — skrót.lnk = C:\Windows\System32\StikyNot.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 7805 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-09 2762240] "DelReg"=C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [2008-12-04 196608] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304] "ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200] "MagicRotation"=C:\Program Files (x86)\MagicRotation\MagicPvt.exe [2009-06-19 1286144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Komunikator"=C:\Program Files (x86)\Tlen.pl\tlen.exe [2009-01-17 5853672] "AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] "KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600] "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [] C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup StikyNot.exe — skrót.lnk - C:\Windows\System32\StikyNot.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .scr - open - C:\Windows\SysWOW64\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2010-09-17 21:45:10 ----D---- C:\rsit 2010-09-17 21:45:10 ----D---- C:\Program Files (x86)\trend micro 2010-09-17 20:14:36 ----D---- C:\Program Files (x86)\Microsoft Antimalware 2010-09-17 00:51:50 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-09-17 00:51:28 ----D---- C:\ProgramData\Lavasoft 2010-09-17 00:51:28 ----D---- C:\Program Files (x86)\Lavasoft 2010-09-17 00:49:03 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-09-17 00:49:03 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2010-09-15 22:58:07 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-09-14 06:08:51 ----A---- C:\Windows\SysWOW64\unrar.dll 2010-09-14 06:08:50 ----D---- C:\Program Files (x86)\K-Lite Codec Pack 2010-09-11 22:00:07 ----D---- C:\Users\Robert\AppData\Roaming\BESTplayer 2010-09-10 18:04:27 ----D---- C:\Windows\SysWOW64\xlive 2010-09-10 18:04:23 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2010-09-10 18:03:50 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2010-09-09 19:16:10 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-09-06 18:10:27 ----D---- C:\Windows\Minidump 2010-09-05 20:30:44 ----D---- C:\Program Files (x86)\VS Revo Group 2010-09-05 14:38:12 ----D---- C:\Program Files (x86)\ALLConventer Samsung Monte 2010-09-04 12:15:58 ----D---- C:\Program Files (x86)\PDFCreator 2010-09-04 12:15:58 ----A---- C:\Windows\SysWOW64\MSMPIDE.DLL 2010-09-03 19:58:58 ----D---- C:\ProgramData\PC Suite 2010-09-03 19:58:57 ----D---- C:\Users\Robert\AppData\Roaming\PC Suite 2010-09-03 19:55:20 ----A---- C:\Windows\SysWOW64\FsExService64.Exe 2010-09-03 19:55:20 ----A---- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys 2010-09-03 19:53:03 ----D---- C:\Program Files (x86)\PC Connectivity Solution 2010-09-03 19:51:20 ----D---- C:\Users\Robert\AppData\Roaming\Samsung 2010-09-03 19:50:30 ----D---- C:\Program Files (x86)\MarkAny 2010-09-03 19:50:29 ----D---- C:\ProgramData\Samsung 2010-09-03 19:50:22 ----D---- C:\Program Files (x86)\Samsung 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files\Samsung 2010-09-01 00:28:42 ----D---- C:\Users\Robert\AppData\Roaming\Microsoft Games 2010-09-01 00:09:32 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games 2010-08-31 23:47:48 ----D---- C:\Program Files (x86)\Microsoft Games 2010-08-31 16:56:38 ----D---- C:\ProgramData\Easy CD-DA Extractor 2010-08-31 16:56:37 ----D---- C:\Windows\Easy CD-DA Extractor 12 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Steam 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Common Files\Steam 2010-08-29 02:24:50 ----D---- C:\Half-Life 2 2010-08-29 02:12:26 ----D---- C:\ProgramData\TEMP 2010-08-28 10:41:15 ----D---- C:\Users\Robert\AppData\Roaming\Canon 2010-08-28 09:33:10 ----D---- C:\Program Files (x86)\CDisplay 2010-08-28 02:36:31 ----D---- C:\Users\Robert\AppData\Roaming\MotioninJoy 2010-08-27 22:03:55 ----A---- C:\Windows\SysWOW64\CmdLineExt.dll 2010-08-27 22:02:11 ----D---- C:\Program Files (x86)\Prey 2010-08-26 01:48:06 ----D---- C:\Users\Robert\AppData\Roaming\Bentley 2010-08-26 01:47:00 ----D---- C:\ProgramData\Bentley 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Common Files\Bentley Shared 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Bentley 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll 2010-08-26 01:00:39 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll 2010-08-26 01:00:37 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-08-26 01:00:28 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-08-26 01:00:26 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-08-26 01:00:18 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-08-26 01:00:11 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-08-26 00:57:25 ----D---- C:\Windows\SysWOW64\directx 2010-08-26 00:09:59 ----D---- C:\Users\Robert\AppData\Roaming\Ahead 2010-08-26 00:09:08 ----D---- C:\ProgramData\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Common Files\Ahead 2010-08-25 21:40:55 ----D---- C:\ProgramData\CanonIJPLM 2010-08-25 21:35:28 ----HD---- C:\ProgramData\CanonBJ 2010-08-25 21:34:28 ----D---- C:\Program Files (x86)\Canon 2010-08-25 20:41:43 ----D---- C:\Users\Robert\AppData\Roaming\Media Player Classic 2010-08-25 20:24:15 ----D---- C:\ProgramData\ATI 2010-08-25 20:20:58 ----D---- C:\Program Files (x86)\ATI 2010-08-25 20:17:35 ----D---- C:\ATI 2010-08-25 19:46:41 ----D---- C:\Program Files (x86)\Microsoft Works 2010-08-25 19:46:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 2010-08-25 19:46:04 ----D---- C:\Windows\PCHEALTH 2010-08-25 19:46:04 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-08-25 19:37:04 ----D---- C:\Program Files (x86)\Alcohol Soft 2010-08-25 18:43:49 ----D---- C:\ProgramData\FLEXnet 2010-08-25 18:38:06 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared 2010-08-25 18:31:27 ----D---- C:\Users\Robert\AppData\Roaming\Autodesk 2010-08-25 18:31:27 ----D---- C:\Civil 3D Projects 2010-08-25 18:31:27 ----D---- C:\Civil 3D Project Templates 2010-08-25 18:30:59 ----D---- C:\Program Files (x86)\AutoCAD Civil 3D 2010 2010-08-25 18:30:52 ----D---- C:\ProgramData\Autodesk 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft SDKs 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-08-25 18:29:07 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-08-25 18:28:36 ----D---- C:\Program Files (x86)\Common Files\Designer 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Autodesk 2010-08-25 17:56:01 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-08-25 17:23:28 ----D---- C:\Program Files (x86)\AMD 2010-08-25 17:22:21 ----A---- C:\Windows\ver5.5.14.0.txt 2010-08-25 17:22:21 ----A---- C:\Windows\nvsulib.dll 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclock.sys 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclk64.sys 2010-08-25 17:22:21 ----A---- C:\Windows\Nvgpio.dll 2010-08-25 17:22:21 ----A---- C:\Windows\NVGfxOgl.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NVBenchMarks.dll 2010-08-25 17:22:20 ----A---- C:\Windows\ntuneoem.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NTuneGpu.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcr71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcp71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\MFC71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\AutoTuneScript.dll 2010-08-25 17:22:19 ----D---- C:\Program Files (x86)\MSI 2010-08-25 17:10:20 ----N---- C:\Windows\difxapi.dll 2010-08-25 17:10:19 ----D---- C:\Program Files (x86)\VIA 2010-08-25 17:09:23 ----D---- C:\Windows\SysWOW64\Atheros_L1e 2010-08-25 06:55:11 ----D---- C:\Windows\SysWOW64\Wat 2010-08-25 04:04:38 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-08-25 04:02:02 ----D---- C:\Program Files (x86)\MSXML 4.0 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-08-25 03:41:41 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-25 03:41:19 ----RHD---- C:\MSOCache 2010-08-25 03:05:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\ntdll.dll 2010-08-25 03:05:36 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-25 03:05:31 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-08-25 03:05:30 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-08-25 03:05:28 ----A---- C:\Windows\SysWOW64\wmploc.DLL 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc_isv.dll 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe 2010-08-25 03:05:16 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-08-25 03:05:15 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-08-25 03:05:13 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-25 03:04:57 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-25 03:04:56 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-25 03:04:53 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-25 03:04:51 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-08-25 03:04:51 ----A---- C:\Windows\explorer.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\wow32.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\user.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\setup16.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\instnm.exe 2010-08-25 03:04:49 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-25 03:04:41 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-25 03:04:38 ----A---- C:\Windows\SysWOW64\CPFilters.dll 2010-08-25 03:04:37 ----A---- C:\Windows\SysWOW64\psisdecd.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-08-25 03:04:26 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-08-25 03:04:24 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-08-25 01:46:46 ----D---- C:\Users\Robert\AppData\Roaming\Sony Corporation 2010-08-25 01:27:38 ----D---- C:\Users\Robert\AppData\Roaming\Mathsoft 2010-08-25 01:26:31 ----A---- C:\Windows\MC14_RC_IS_Log.txt 2010-08-25 01:26:07 ----D---- C:\Program Files (x86)\Mathcad 2010-08-25 01:26:04 ----A---- C:\Windows\MC14_Help_IS_Log.txt 2010-08-25 01:25:12 ----A---- C:\Windows\MC14_IS_LOG.txt 2010-08-25 01:21:05 ----A---- C:\Windows\SysWOW64\drivers\MTictwl.sys 2010-08-25 01:21:01 ----D---- C:\Program Files (x86)\SEC 2010-08-25 01:19:33 ----D---- C:\Program Files (x86)\MagicRotation 2010-08-25 01:19:33 ----A---- C:\Windows\mpvthook.dll 2010-08-25 01:19:14 ----D---- C:\ProgramData\InstallShield 2010-08-25 01:17:49 ----D---- C:\Program Files (x86)\MagicTune Premium 2010-08-25 01:17:41 ----D---- C:\Users\Robert\AppData\Roaming\InstallShield 2010-08-25 00:40:27 ----D---- C:\Users\Robert\AppData\Roaming\Macromedia 2010-08-25 00:40:26 ----D---- C:\Users\Robert\AppData\Roaming\Adobe 2010-08-25 00:38:56 ----D---- C:\Windows\SysWOW64\Macromed 2010-08-25 00:34:14 ----D---- C:\Users\Robert\AppData\Roaming\Mozilla 2010-08-25 00:34:10 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-25 00:31:26 ----D---- C:\Users\Robert\AppData\Roaming\BitComet 2010-08-25 00:31:25 ----D---- C:\Program Files (x86)\BitComet 2010-08-25 00:29:17 ----D---- C:\Users\Robert\AppData\Roaming\WinRAR 2010-08-25 00:27:24 ----D---- C:\Users\Robert\AppData\Roaming\Tlen.pl 2010-08-25 00:27:24 ----D---- C:\ProgramData\Tlen.pl 2010-08-25 00:27:19 ----D---- C:\Program Files (x86)\Tlen.pl 2010-08-25 00:26:54 ----D---- C:\Program Files (x86)\NAPI-PROJEKT 2010-08-25 00:26:02 ----D---- C:\Users\Robert\AppData\Roaming\IrfanView 2010-08-25 00:26:02 ----D---- C:\Program Files (x86)\IrfanView 2010-08-25 00:25:13 ----D---- C:\Program Files (x86)\Ask.com 2010-08-25 00:25:09 ----D---- C:\Program Files (x86)\Foxit Software 2010-08-25 00:24:35 ----D---- C:\Users\Robert\AppData\Roaming\foobar2000 2010-08-25 00:24:31 ----D---- C:\Program Files (x86)\foobar2000 2010-08-25 00:14:25 ----D---- C:\ProgramData\Alwil Software 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-08-24 23:20:38 ----D---- C:\ProgramData\Microsoft Help 2010-08-24 23:07:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-24 23:07:37 ----D---- C:\Program Files (x86)\Sony 2010-08-24 23:05:52 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-08-24 22:58:58 ----D---- C:\ProgramData\Ahead 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-08-24 18:58:09 ----D---- C:\Users\Robert\AppData\Roaming\ATI 2010-08-24 18:56:40 ----D---- C:\Program Files (x86)\ATI Technologies 2010-08-24 18:56:39 ----SHD---- C:\Windows\Installer 2010-08-24 17:39:39 ----D---- C:\Users\Robert\AppData\Roaming\Foxit Software 2010-08-24 01:37:37 ----D---- C:\Windows\Panther 2010-08-24 01:37:25 ----RASH---- C:\BOOTSECT.BAK 2010-08-24 01:37:24 ----SHD---- C:\Boot 2010-08-24 00:45:56 ----D---- C:\Users\Robert\AppData\Roaming\Identities 2010-08-24 00:45:45 ----SD---- C:\Users\Robert\AppData\Roaming\Microsoft 2010-08-24 00:45:45 ----D---- C:\Users\Robert\AppData\Roaming\Media Center Programs 2010-08-24 00:45:33 ----SHD---- C:\Recovery 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Ulubione 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Szablony 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Pulpit 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Menu Start 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dokumenty 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dane aplikacji 2010-08-24 00:40:54 ----D---- C:\Windows\SoftwareDistribution 2010-08-24 00:38:26 ----D---- C:\Windows\Prefetch 2010-08-24 00:38:09 ----ASH---- C:\pagefile.sys 2010-08-24 00:38:08 ----SHD---- C:\System Volume Information 2010-08-24 00:38:08 ----ASH---- C:\hiberfil.sys ======List of files/folders modified in the last 1 months====== 2010-09-17 21:45:10 ----RD---- C:\Program Files (x86) 2010-09-17 21:44:53 ----D---- C:\Windows\Temp 2010-09-17 20:43:17 ----HD---- C:\ProgramData 2010-09-17 20:21:55 ----D---- C:\Windows\Tasks 2010-09-17 20:14:36 ----SD---- C:\ProgramData\Microsoft 2010-09-17 20:14:33 ----RD---- C:\Program Files 2010-09-17 20:10:57 ----D---- C:\Windows\SysWOW64 2010-09-17 20:10:57 ----D---- C:\Windows 2010-09-17 17:57:31 ----D---- C:\Windows\System32 2010-09-17 00:51:19 ----D---- C:\Windows\winsxs 2010-09-16 23:32:17 ----D---- C:\Windows\Downloaded Program Files 2010-09-15 17:56:38 ----D---- C:\Windows\inf 2010-09-10 18:02:56 ----RSD---- C:\Windows\assembly 2010-09-09 22:25:52 ----D---- C:\PerfLogs 2010-09-06 20:58:48 ----D---- C:\Windows\Registration 2010-09-03 19:55:20 ----D---- C:\Windows\SysWOW64\drivers 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files 2010-08-30 20:00:04 ----D---- C:\Windows\Logs 2010-08-30 18:01:13 ----D---- C:\Windows\LiveKernelReports 2010-08-26 17:33:25 ----D---- C:\Windows\rescache 2010-08-26 00:13:30 ----RSD---- C:\Windows\Fonts 2010-08-26 00:13:28 ----D---- C:\Windows\ShellNew 2010-08-26 00:09:32 ----D---- C:\Windows\ehome 2010-08-25 21:40:15 ----RSD---- C:\Windows\Media 2010-08-25 21:35:25 ----D---- C:\Windows\twain_32 2010-08-25 20:02:02 ----D---- C:\Windows\debug 2010-08-25 19:54:30 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-08-25 19:54:29 ----D---- C:\Program Files (x86)\MSBuild 2010-08-25 19:53:47 ----D---- C:\Program Files (x86)\Common Files\System 2010-08-25 19:53:45 ----A---- C:\Windows\win.ini 2010-08-25 19:08:35 ----D---- C:\Windows\AppPatch 2010-08-25 18:39:51 ----D---- C:\Windows\Help 2010-08-25 18:38:59 ----D---- C:\Windows\Microsoft.NET 2010-08-25 06:55:17 ----D---- C:\Program Files (x86)\Windows Media Player 2010-08-25 06:55:16 ----D---- C:\Program Files (x86)\Windows Mail 2010-08-25 06:55:15 ----D---- C:\Windows\SysWOW64\migration 2010-08-25 06:55:15 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-25 03:59:30 ----D---- C:\Windows\SysWOW64\pl-PL 2010-08-24 00:45:54 ----SHD---- C:\$Recycle.Bin 2010-08-24 00:45:42 ----RD---- C:\Users ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [] R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2006-08-28 13312] R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [] R3 AODDriver;AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 18136] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [] S3 amlfssmm;amlfssmm; C:\Windows\SysWOW64\drivers\amlfssmm.sys [] S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2008-12-27 44344] S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-08-12 16928] S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 RushTopDevice_J;RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080] S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448] S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AODService;AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544] R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2009-12-22 95568] R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-09-17 1355928] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424] S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-25 651720] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-08-29 407336] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log] momencik, własnie przeczytałem instrukcje co ustawic w otl, zaraz wstawie poprawne logi OTL V.2 OTL [log]OTL logfile created on: 2010-09-17 22:10:41 - Run 2 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,66 Gb Total Space | 21,40 Gb Free Space | 32,60% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 100,00 Gb Total Space | 55,34 Gb Free Space | 55,34% Space Free | Partition Type: NTFS Drive N: | 300,00 Gb Total Space | 215,09 Gb Free Space | 71,70% Space Free | Partition Type: NTFS Computer Name: ROBERT-KOMPUTER Current User Name: Robert Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe PRC - [2010-09-17 00:54:43 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-09-09 04:00:26 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010-09-09 04:00:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files (x86)\Tlen.pl\tlen.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe MOD - [2010-07-27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2010-04-07 09:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2010-03-24 08:37:04 | 001,289,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-12-11 09:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-12-11 09:36:33 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 03:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 03:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 03:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 03:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 03:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 03:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 03:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 03:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 03:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 03:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 03:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 03:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 03:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 03:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 03:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 03:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 03:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 03:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 03:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 03:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 03:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 03:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 03:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010-03-25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,117,584 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc) SRV:[b]64bit:[/b] - [2009-11-04 17:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-08-29 02:32:13 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-08-25 18:38:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-10-25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:[b]64bit:[/b] - [2010-07-09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:[b]64bit:[/b] - [2010-06-30 21:23:16 | 000,061,952 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:[b]64bit:[/b] - [2009-12-22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:[b]64bit:[/b] - [2009-11-24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-11-04 18:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-09-30 04:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:[b]64bit:[/b] - [2009-09-17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2009-07-27 09:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2008-11-04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune) DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010-08-12 14:15:22 | 000,016,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009-12-22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009-12-22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009-10-22 03:49:14 | 000,021,048 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver) DRV - [2009-03-05 06:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J) DRV - [2008-12-27 04:21:10 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter) DRV - [2008-12-19 04:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-09 04:00:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-09 04:00:26 | 000,000,000 | ---D | M] [2010-08-25 00:34:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions [2010-09-17 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\7pcj8uok.default\extensions [2010-08-25 00:34:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-08-25 19:39:54 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe () O4:[b]64bit:[/b] - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKCU..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk = C:\Windows\SysWow64\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - Service SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - Service SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-09-17 21:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010-09-17 21:45:10 | 000,000,000 | ---D | C] -- C:\rsit [2010-09-17 21:29:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010-09-17 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010-09-17 00:54:47 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-09-17 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Sunbelt Software [2010-09-17 00:51:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010-09-16 23:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-09-14 06:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2010-09-12 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010-09-12 03:17:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\MotioninJoy_050002_amd64 [2010-09-12 02:00:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka10.09.10 praca [2010-09-11 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-11 21:59:34 | 001,093,632 | ---- | C] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-10 18:04:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010-09-10 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010-09-10 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2010-09-09 19:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010-09-06 18:10:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-09-05 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010-09-05 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C} [2010-09-05 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ClipboardManager [2010-09-05 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConventer Samsung Monte [2010-09-04 12:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2010-09-03 20:08:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Videos [2010-09-03 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\SelfMV [2010-09-03 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Samsung [2010-09-03 19:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010-09-03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:56:10 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdm.sys [2010-09-03 19:56:10 | 000,128,000 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bserd.sys [2010-09-03 19:56:10 | 000,127,488 | ---- | C] (MCCI) -- C:\Windows\SysNative\drivers\ss_bbus.sys [2010-09-03 19:56:10 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwhnt.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwh.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcmnt.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcm.sys [2010-09-03 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG [2010-09-03 19:55:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010-09-03 19:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-09-03 19:55:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-09-03 19:55:20 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe [2010-09-03 19:55:20 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys [2010-09-03 19:55:20 | 000,016,448 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys [2010-09-03 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010-09-03 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-09-03 19:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2010-09-03 19:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2010-09-03 19:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2010-09-03 19:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung [2010-09-01 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft Games [2010-09-01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2010-08-31 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2010-08-31 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Alcohol 120% [2010-08-31 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Easy CD-DA Extractor [2010-08-31 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Easy CD-DA Extractor 12 [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 12 [2010-08-29 12:09:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ElevatedDiagnostics [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-08-29 02:24:50 | 000,000,000 | ---D | C] -- C:\Half-Life 2 [2010-08-29 02:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-08-28 23:22:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Last.fm [2010-08-28 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Canon [2010-08-28 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka [2010-08-28 09:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay [2010-08-28 02:36:31 | 000,061,952 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys [2010-08-28 02:36:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\MotioninJoy [2010-08-28 02:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy [2010-08-28 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps [2010-08-27 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Games [2010-08-27 22:03:55 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prey [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bentley Shared [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bentley [2010-08-26 00:57:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010-08-26 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mathsoft [2010-08-26 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Ahead [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-08-25 21:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2010-08-25 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010-08-25 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010-08-25 21:35:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010-08-25 21:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010-08-25 21:34:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010-08-25 21:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010-08-25 20:41:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Player Classic [2010-08-25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\robert 2 [2010-08-25 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Robert PRACA MGR [2010-08-25 20:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010-08-25 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010-08-25 20:17:35 | 000,000,000 | ---D | C] -- C:\ATI [2010-08-25 19:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2010-08-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010-08-25 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010-08-25 18:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010-08-25 18:42:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Autodesk [2010-08-25 18:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Projects [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Project Templates [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Autodesk [2010-08-25 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoCAD Civil 3D 2010 [2010-08-25 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2010-08-25 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2010-08-25 17:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2010-08-25 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations [2010-08-25 17:22:21 | 000,421,888 | ---- | C] (NVIDIA) -- C:\Windows\nvsulib.dll [2010-08-25 17:22:21 | 000,018,216 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclk64.sys [2010-08-25 17:22:21 | 000,006,912 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclock.sys [2010-08-25 17:22:20 | 001,622,016 | ---- | C] (NVIDIA) -- C:\Windows\NVBenchMarks.dll [2010-08-25 17:22:20 | 000,380,928 | ---- | C] (NVIDIA) -- C:\Windows\ntuneoem.dll [2010-08-25 17:22:20 | 000,045,056 | ---- | C] (NVIDIA) -- C:\Windows\NTuneGpu.dll [2010-08-25 17:22:20 | 000,028,672 | ---- | C] (NVIDIA) -- C:\Windows\AutoTuneScript.dll [2010-08-25 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI [2010-08-25 17:10:35 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2010-08-25 17:10:35 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll [2010-08-25 17:10:35 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2010-08-25 17:10:35 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2010-08-25 17:10:35 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll [2010-08-25 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2010-08-25 17:09:41 | 000,058,880 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2010-08-25 17:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2010-08-25 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010-08-25 17:04:36 | 000,121,872 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys [2010-08-25 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\skróty [2010-08-25 16:28:55 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-08-25 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010-08-25 04:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010-08-25 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010-08-25 03:41:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010-08-25 01:46:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Sony Corporation [2010-08-25 01:27:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-08-25 01:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathcad [2010-08-25 01:21:04 | 000,827,392 | R--- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash.ocx [2010-08-25 01:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEC [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\mpvthook.dll [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\mpvthook.dll [2010-08-25 01:19:33 | 000,014,848 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\drivers\magicpvt.sys [2010-08-25 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicRotation [2010-08-25 01:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010-08-25 01:18:11 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2010-08-25 01:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTune Premium [2010-08-25 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\InstallShield [2010-08-25 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Macromedia [2010-08-25 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Adobe [2010-08-25 00:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mozilla [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mozilla [2010-08-25 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010-08-25 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\AskToolbar [2010-08-25 00:31:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-25 00:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet [2010-08-25 00:29:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\WinRAR [2010-08-25 00:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tlen.pl [2010-08-25 00:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tlen.pl [2010-08-25 00:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPI-PROJEKT [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2010-08-25 00:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2010-08-25 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010-08-25 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-25 00:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000 [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-08-24 23:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010-08-24 23:20:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Help [2010-08-24 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010-08-24 23:07:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-08-24 23:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2010-08-24 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-08-24 22:59:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Ahead [2010-08-24 22:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2010-08-24 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Diagnostics [2010-08-24 19:01:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Games [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\ATI [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ATI [2010-08-24 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-08-24 18:56:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-08-24 18:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-08-24 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010-08-24 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-24 01:37:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-08-24 01:37:24 | 000,000,000 | -HSD | C] -- C:\Boot [2010-08-24 00:46:07 | 000,000,000 | R--D | C] -- C:\Users\Robert\Searches [2010-08-24 00:45:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Identities [2010-08-24 00:45:54 | 000,000,000 | R--D | C] -- C:\Users\Robert\Contacts [2010-08-24 00:45:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\VirtualStore [2010-08-24 00:45:45 | 000,000,000 | --SD | C] -- C:\Users\Robert\AppData\Roaming\Microsoft [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Videos [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Saved Games [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Pictures [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Music [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Links [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Favorites [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Downloads [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Documents [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Desktop [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Ustawienia lokalne [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Temporary Internet Files [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Szablony [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\SendTo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Recent [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\PrintHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\NetHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje wideo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje obrazy [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Moje dokumenty [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moja muzyka [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Menu Start [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Historia [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Cookies [2010-08-24 00:45:45 | 000,000,000 | -H-D | C] -- C:\Users\Robert\AppData [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Temp [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Center Programs [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-08-24 00:40:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-08-24 00:38:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-08-24 00:38:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-09-17 22:10:58 | 002,621,440 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT [2010-09-17 21:44:53 | 000,339,991 | ---- | M] () -- C:\Users\Robert\Desktop\RSIT.exe [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 21:18:55 | 082,168,735 | ---- | M] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:42:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-09-17 20:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-09-17 20:42:52 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2010-09-17 20:42:14 | 004,809,982 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db [2010-09-17 20:14:33 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 00:51:48 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:30:58 | 036,217,292 | ---- | M] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-16 18:33:37 | 000,001,266 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk [2010-09-15 17:56:39 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-09-15 17:56:39 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-09-15 17:56:39 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-09-15 17:56:39 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-09-15 17:56:39 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-09-14 06:05:17 | 000,006,144 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-11 21:59:35 | 001,093,632 | ---- | M] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-08 16:13:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010-09-07 00:06:33 | 000,000,595 | ---- | M] () -- C:\Users\Robert\Documents\ax_files.xml [2010-09-05 02:42:11 | 000,007,605 | ---- | M] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-03 19:50:28 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | M] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | M] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | M] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | M] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | M] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | M] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:18 | 000,000,703 | ---- | M] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | M] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:45:55 | 000,000,652 | ---- | M] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 22:03:55 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 20:14:03 | 000,001,468 | ---- | M] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 15:59:57 | 000,501,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-08-26 01:57:14 | 000,001,233 | ---- | M] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | M] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-26 00:14:10 | 000,140,464 | ---- | M] () -- C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT [2010-08-25 22:06:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | M] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:53:45 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini [2010-08-25 18:38:15 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | M] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:54 | 000,000,673 | ---- | M] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 16:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | M] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:19:33 | 000,000,108 | ---- | M] () -- C:\Windows\SysNative\driver.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-24 23:07:38 | 000,001,000 | ---- | M] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 19:06:59 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 01:37:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-08-24 00:45:45 | 000,000,020 | -HS- | M] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-08-24 00:39:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-08-12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-09-17 21:44:51 | 000,339,991 | ---- | C] () -- C:\Users\Robert\Desktop\RSIT.exe [2010-09-17 21:17:06 | 082,168,735 | ---- | C] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:14:33 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 17:53:11 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010-09-17 00:51:48 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:28:48 | 036,217,292 | ---- | C] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-16 18:33:37 | 000,001,266 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk [2010-09-14 06:08:51 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010-09-05 02:42:11 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-04 12:15:59 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010-09-03 20:07:42 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-03 19:50:28 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | C] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | C] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | C] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | C] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | C] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | C] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:06 | 000,000,703 | ---- | C] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 10:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Robert\Sti_Trace.log [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | C] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:46:03 | 000,000,652 | ---- | C] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 20:13:45 | 000,001,468 | ---- | C] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 01:57:14 | 000,001,233 | ---- | C] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | C] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-25 22:06:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | C] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:39:58 | 000,000,595 | ---- | C] () -- C:\Users\Robert\Documents\ax_files.xml [2010-08-25 18:38:15 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | C] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:42 | 000,000,673 | ---- | C] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 17:22:21 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2010-08-25 16:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | C] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:21:05 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2010-08-25 01:19:33 | 000,000,108 | ---- | C] () -- C:\Windows\SysNative\driver.dat [2010-08-25 01:19:33 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\magicpvt.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-25 00:14:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010-08-24 23:07:38 | 000,001,000 | ---- | C] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 01:37:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-08-24 01:37:24 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010-08-24 00:45:45 | 002,621,440 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 00:45:45 | 000,262,144 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG1 [2010-08-24 00:45:45 | 000,065,536 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 00:45:45 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:45:45 | 000,000,000 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG2 [2010-08-24 00:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-08-24 00:38:08 | 1609,965,568 | -HS- | C] () -- C:\hiberfil.sys [2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009-11-09 04:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2009-11-09 04:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2009-11-09 04:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2009-11-09 04:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-08-28 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-26 01:48:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-09-11 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-17 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-28 10:41:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canon [2010-09-17 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-24 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-25 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-08-28 02:36:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MotioninJoy [2010-09-03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-08-25 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2009-07-14 07:08:49 | 000,020,182 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-09-17 20:42:51 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log [2010-09-03 19:50:28 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-08-24 01:37:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-09-17 20:42:52 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2010-09-16 23:39:03 | 000,007,530 | ---- | M] () -- C:\mksbasel.cpp.log [2006-12-01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2010-09-17 20:42:52 | 2146,623,488 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report > [/log] log [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Robert at 2010-09-17 21:45:10 Microsoft Windows 7 Home Premium System drive C: has 22 GB (33%) free of 67 GB Total RAM: 2047 MB (37% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:45:17, on 2010-09-17 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Tlen.pl\tlen.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Robert\Desktop\OTL.exe C:\Users\Robert\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Robert.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe O4 - HKCU\..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O4 - Startup: StikyNot.exe — skrót.lnk = C:\Windows\System32\StikyNot.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 7805 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-09 2762240] "DelReg"=C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [2008-12-04 196608] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304] "ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200] "MagicRotation"=C:\Program Files (x86)\MagicRotation\MagicPvt.exe [2009-06-19 1286144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Komunikator"=C:\Program Files (x86)\Tlen.pl\tlen.exe [2009-01-17 5853672] "AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] "KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600] "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [] C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup StikyNot.exe — skrót.lnk - C:\Windows\System32\StikyNot.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .scr - open - C:\Windows\SysWOW64\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2010-09-17 21:45:10 ----D---- C:\rsit 2010-09-17 21:45:10 ----D---- C:\Program Files (x86)\trend micro 2010-09-17 20:14:36 ----D---- C:\Program Files (x86)\Microsoft Antimalware 2010-09-17 00:51:50 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-09-17 00:51:28 ----D---- C:\ProgramData\Lavasoft 2010-09-17 00:51:28 ----D---- C:\Program Files (x86)\Lavasoft 2010-09-17 00:49:03 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-09-17 00:49:03 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2010-09-15 22:58:07 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-09-14 06:08:51 ----A---- C:\Windows\SysWOW64\unrar.dll 2010-09-14 06:08:50 ----D---- C:\Program Files (x86)\K-Lite Codec Pack 2010-09-11 22:00:07 ----D---- C:\Users\Robert\AppData\Roaming\BESTplayer 2010-09-10 18:04:27 ----D---- C:\Windows\SysWOW64\xlive 2010-09-10 18:04:23 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2010-09-10 18:03:50 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2010-09-09 19:16:10 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-09-06 18:10:27 ----D---- C:\Windows\Minidump 2010-09-05 20:30:44 ----D---- C:\Program Files (x86)\VS Revo Group 2010-09-05 14:38:12 ----D---- C:\Program Files (x86)\ALLConventer Samsung Monte 2010-09-04 12:15:58 ----D---- C:\Program Files (x86)\PDFCreator 2010-09-04 12:15:58 ----A---- C:\Windows\SysWOW64\MSMPIDE.DLL 2010-09-03 19:58:58 ----D---- C:\ProgramData\PC Suite 2010-09-03 19:58:57 ----D---- C:\Users\Robert\AppData\Roaming\PC Suite 2010-09-03 19:55:20 ----A---- C:\Windows\SysWOW64\FsExService64.Exe 2010-09-03 19:55:20 ----A---- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys 2010-09-03 19:53:03 ----D---- C:\Program Files (x86)\PC Connectivity Solution 2010-09-03 19:51:20 ----D---- C:\Users\Robert\AppData\Roaming\Samsung 2010-09-03 19:50:30 ----D---- C:\Program Files (x86)\MarkAny 2010-09-03 19:50:29 ----D---- C:\ProgramData\Samsung 2010-09-03 19:50:22 ----D---- C:\Program Files (x86)\Samsung 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files\Samsung 2010-09-01 00:28:42 ----D---- C:\Users\Robert\AppData\Roaming\Microsoft Games 2010-09-01 00:09:32 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games 2010-08-31 23:47:48 ----D---- C:\Program Files (x86)\Microsoft Games 2010-08-31 16:56:38 ----D---- C:\ProgramData\Easy CD-DA Extractor 2010-08-31 16:56:37 ----D---- C:\Windows\Easy CD-DA Extractor 12 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Steam 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Common Files\Steam 2010-08-29 02:24:50 ----D---- C:\Half-Life 2 2010-08-29 02:12:26 ----D---- C:\ProgramData\TEMP 2010-08-28 10:41:15 ----D---- C:\Users\Robert\AppData\Roaming\Canon 2010-08-28 09:33:10 ----D---- C:\Program Files (x86)\CDisplay 2010-08-28 02:36:31 ----D---- C:\Users\Robert\AppData\Roaming\MotioninJoy 2010-08-27 22:03:55 ----A---- C:\Windows\SysWOW64\CmdLineExt.dll 2010-08-27 22:02:11 ----D---- C:\Program Files (x86)\Prey 2010-08-26 01:48:06 ----D---- C:\Users\Robert\AppData\Roaming\Bentley 2010-08-26 01:47:00 ----D---- C:\ProgramData\Bentley 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Common Files\Bentley Shared 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Bentley 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll 2010-08-26 01:00:39 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll 2010-08-26 01:00:37 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-08-26 01:00:28 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-08-26 01:00:26 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-08-26 01:00:18 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-08-26 01:00:11 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-08-26 00:57:25 ----D---- C:\Windows\SysWOW64\directx 2010-08-26 00:09:59 ----D---- C:\Users\Robert\AppData\Roaming\Ahead 2010-08-26 00:09:08 ----D---- C:\ProgramData\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Common Files\Ahead 2010-08-25 21:40:55 ----D---- C:\ProgramData\CanonIJPLM 2010-08-25 21:35:28 ----HD---- C:\ProgramData\CanonBJ 2010-08-25 21:34:28 ----D---- C:\Program Files (x86)\Canon 2010-08-25 20:41:43 ----D---- C:\Users\Robert\AppData\Roaming\Media Player Classic 2010-08-25 20:24:15 ----D---- C:\ProgramData\ATI 2010-08-25 20:20:58 ----D---- C:\Program Files (x86)\ATI 2010-08-25 20:17:35 ----D---- C:\ATI 2010-08-25 19:46:41 ----D---- C:\Program Files (x86)\Microsoft Works 2010-08-25 19:46:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 2010-08-25 19:46:04 ----D---- C:\Windows\PCHEALTH 2010-08-25 19:46:04 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-08-25 19:37:04 ----D---- C:\Program Files (x86)\Alcohol Soft 2010-08-25 18:43:49 ----D---- C:\ProgramData\FLEXnet 2010-08-25 18:38:06 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared 2010-08-25 18:31:27 ----D---- C:\Users\Robert\AppData\Roaming\Autodesk 2010-08-25 18:31:27 ----D---- C:\Civil 3D Projects 2010-08-25 18:31:27 ----D---- C:\Civil 3D Project Templates 2010-08-25 18:30:59 ----D---- C:\Program Files (x86)\AutoCAD Civil 3D 2010 2010-08-25 18:30:52 ----D---- C:\ProgramData\Autodesk 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft SDKs 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-08-25 18:29:07 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-08-25 18:28:36 ----D---- C:\Program Files (x86)\Common Files\Designer 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Autodesk 2010-08-25 17:56:01 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-08-25 17:23:28 ----D---- C:\Program Files (x86)\AMD 2010-08-25 17:22:21 ----A---- C:\Windows\ver5.5.14.0.txt 2010-08-25 17:22:21 ----A---- C:\Windows\nvsulib.dll 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclock.sys 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclk64.sys 2010-08-25 17:22:21 ----A---- C:\Windows\Nvgpio.dll 2010-08-25 17:22:21 ----A---- C:\Windows\NVGfxOgl.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NVBenchMarks.dll 2010-08-25 17:22:20 ----A---- C:\Windows\ntuneoem.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NTuneGpu.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcr71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcp71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\MFC71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\AutoTuneScript.dll 2010-08-25 17:22:19 ----D---- C:\Program Files (x86)\MSI 2010-08-25 17:10:20 ----N---- C:\Windows\difxapi.dll 2010-08-25 17:10:19 ----D---- C:\Program Files (x86)\VIA 2010-08-25 17:09:23 ----D---- C:\Windows\SysWOW64\Atheros_L1e 2010-08-25 06:55:11 ----D---- C:\Windows\SysWOW64\Wat 2010-08-25 04:04:38 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-08-25 04:02:02 ----D---- C:\Program Files (x86)\MSXML 4.0 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-08-25 03:41:41 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-25 03:41:19 ----RHD---- C:\MSOCache 2010-08-25 03:05:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\ntdll.dll 2010-08-25 03:05:36 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-25 03:05:31 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-08-25 03:05:30 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-08-25 03:05:28 ----A---- C:\Windows\SysWOW64\wmploc.DLL 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc_isv.dll 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe 2010-08-25 03:05:16 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-08-25 03:05:15 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-08-25 03:05:13 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-25 03:04:57 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-25 03:04:56 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-25 03:04:53 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-25 03:04:51 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-08-25 03:04:51 ----A---- C:\Windows\explorer.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\wow32.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\user.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\setup16.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\instnm.exe 2010-08-25 03:04:49 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-25 03:04:41 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-25 03:04:38 ----A---- C:\Windows\SysWOW64\CPFilters.dll 2010-08-25 03:04:37 ----A---- C:\Windows\SysWOW64\psisdecd.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-08-25 03:04:26 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-08-25 03:04:24 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-08-25 01:46:46 ----D---- C:\Users\Robert\AppData\Roaming\Sony Corporation 2010-08-25 01:27:38 ----D---- C:\Users\Robert\AppData\Roaming\Mathsoft 2010-08-25 01:26:31 ----A---- C:\Windows\MC14_RC_IS_Log.txt 2010-08-25 01:26:07 ----D---- C:\Program Files (x86)\Mathcad 2010-08-25 01:26:04 ----A---- C:\Windows\MC14_Help_IS_Log.txt 2010-08-25 01:25:12 ----A---- C:\Windows\MC14_IS_LOG.txt 2010-08-25 01:21:05 ----A---- C:\Windows\SysWOW64\drivers\MTictwl.sys 2010-08-25 01:21:01 ----D---- C:\Program Files (x86)\SEC 2010-08-25 01:19:33 ----D---- C:\Program Files (x86)\MagicRotation 2010-08-25 01:19:33 ----A---- C:\Windows\mpvthook.dll 2010-08-25 01:19:14 ----D---- C:\ProgramData\InstallShield 2010-08-25 01:17:49 ----D---- C:\Program Files (x86)\MagicTune Premium 2010-08-25 01:17:41 ----D---- C:\Users\Robert\AppData\Roaming\InstallShield 2010-08-25 00:40:27 ----D---- C:\Users\Robert\AppData\Roaming\Macromedia 2010-08-25 00:40:26 ----D---- C:\Users\Robert\AppData\Roaming\Adobe 2010-08-25 00:38:56 ----D---- C:\Windows\SysWOW64\Macromed 2010-08-25 00:34:14 ----D---- C:\Users\Robert\AppData\Roaming\Mozilla 2010-08-25 00:34:10 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-25 00:31:26 ----D---- C:\Users\Robert\AppData\Roaming\BitComet 2010-08-25 00:31:25 ----D---- C:\Program Files (x86)\BitComet 2010-08-25 00:29:17 ----D---- C:\Users\Robert\AppData\Roaming\WinRAR 2010-08-25 00:27:24 ----D---- C:\Users\Robert\AppData\Roaming\Tlen.pl 2010-08-25 00:27:24 ----D---- C:\ProgramData\Tlen.pl 2010-08-25 00:27:19 ----D---- C:\Program Files (x86)\Tlen.pl 2010-08-25 00:26:54 ----D---- C:\Program Files (x86)\NAPI-PROJEKT 2010-08-25 00:26:02 ----D---- C:\Users\Robert\AppData\Roaming\IrfanView 2010-08-25 00:26:02 ----D---- C:\Program Files (x86)\IrfanView 2010-08-25 00:25:13 ----D---- C:\Program Files (x86)\Ask.com 2010-08-25 00:25:09 ----D---- C:\Program Files (x86)\Foxit Software 2010-08-25 00:24:35 ----D---- C:\Users\Robert\AppData\Roaming\foobar2000 2010-08-25 00:24:31 ----D---- C:\Program Files (x86)\foobar2000 2010-08-25 00:14:25 ----D---- C:\ProgramData\Alwil Software 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-08-24 23:20:38 ----D---- C:\ProgramData\Microsoft Help 2010-08-24 23:07:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-24 23:07:37 ----D---- C:\Program Files (x86)\Sony 2010-08-24 23:05:52 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-08-24 22:58:58 ----D---- C:\ProgramData\Ahead 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-08-24 18:58:09 ----D---- C:\Users\Robert\AppData\Roaming\ATI 2010-08-24 18:56:40 ----D---- C:\Program Files (x86)\ATI Technologies 2010-08-24 18:56:39 ----SHD---- C:\Windows\Installer 2010-08-24 17:39:39 ----D---- C:\Users\Robert\AppData\Roaming\Foxit Software 2010-08-24 01:37:37 ----D---- C:\Windows\Panther 2010-08-24 01:37:25 ----RASH---- C:\BOOTSECT.BAK 2010-08-24 01:37:24 ----SHD---- C:\Boot 2010-08-24 00:45:56 ----D---- C:\Users\Robert\AppData\Roaming\Identities 2010-08-24 00:45:45 ----SD---- C:\Users\Robert\AppData\Roaming\Microsoft 2010-08-24 00:45:45 ----D---- C:\Users\Robert\AppData\Roaming\Media Center Programs 2010-08-24 00:45:33 ----SHD---- C:\Recovery 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Ulubione 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Szablony 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Pulpit 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Menu Start 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dokumenty 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dane aplikacji 2010-08-24 00:40:54 ----D---- C:\Windows\SoftwareDistribution 2010-08-24 00:38:26 ----D---- C:\Windows\Prefetch 2010-08-24 00:38:09 ----ASH---- C:\pagefile.sys 2010-08-24 00:38:08 ----SHD---- C:\System Volume Information 2010-08-24 00:38:08 ----ASH---- C:\hiberfil.sys ======List of files/folders modified in the last 1 months====== 2010-09-17 21:45:10 ----RD---- C:\Program Files (x86) 2010-09-17 21:44:53 ----D---- C:\Windows\Temp 2010-09-17 20:43:17 ----HD---- C:\ProgramData 2010-09-17 20:21:55 ----D---- C:\Windows\Tasks 2010-09-17 20:14:36 ----SD---- C:\ProgramData\Microsoft 2010-09-17 20:14:33 ----RD---- C:\Program Files 2010-09-17 20:10:57 ----D---- C:\Windows\SysWOW64 2010-09-17 20:10:57 ----D---- C:\Windows 2010-09-17 17:57:31 ----D---- C:\Windows\System32 2010-09-17 00:51:19 ----D---- C:\Windows\winsxs 2010-09-16 23:32:17 ----D---- C:\Windows\Downloaded Program Files 2010-09-15 17:56:38 ----D---- C:\Windows\inf 2010-09-10 18:02:56 ----RSD---- C:\Windows\assembly 2010-09-09 22:25:52 ----D---- C:\PerfLogs 2010-09-06 20:58:48 ----D---- C:\Windows\Registration 2010-09-03 19:55:20 ----D---- C:\Windows\SysWOW64\drivers 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files 2010-08-30 20:00:04 ----D---- C:\Windows\Logs 2010-08-30 18:01:13 ----D---- C:\Windows\LiveKernelReports 2010-08-26 17:33:25 ----D---- C:\Windows\rescache 2010-08-26 00:13:30 ----RSD---- C:\Windows\Fonts 2010-08-26 00:13:28 ----D---- C:\Windows\ShellNew 2010-08-26 00:09:32 ----D---- C:\Windows\ehome 2010-08-25 21:40:15 ----RSD---- C:\Windows\Media 2010-08-25 21:35:25 ----D---- C:\Windows\twain_32 2010-08-25 20:02:02 ----D---- C:\Windows\debug 2010-08-25 19:54:30 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-08-25 19:54:29 ----D---- C:\Program Files (x86)\MSBuild 2010-08-25 19:53:47 ----D---- C:\Program Files (x86)\Common Files\System 2010-08-25 19:53:45 ----A---- C:\Windows\win.ini 2010-08-25 19:08:35 ----D---- C:\Windows\AppPatch 2010-08-25 18:39:51 ----D---- C:\Windows\Help 2010-08-25 18:38:59 ----D---- C:\Windows\Microsoft.NET 2010-08-25 06:55:17 ----D---- C:\Program Files (x86)\Windows Media Player 2010-08-25 06:55:16 ----D---- C:\Program Files (x86)\Windows Mail 2010-08-25 06:55:15 ----D---- C:\Windows\SysWOW64\migration 2010-08-25 06:55:15 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-25 03:59:30 ----D---- C:\Windows\SysWOW64\pl-PL 2010-08-24 00:45:54 ----SHD---- C:\$Recycle.Bin 2010-08-24 00:45:42 ----RD---- C:\Users ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [] R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2006-08-28 13312] R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [] R3 AODDriver;AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 18136] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [] S3 amlfssmm;amlfssmm; C:\Windows\SysWOW64\drivers\amlfssmm.sys [] S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2008-12-27 44344] S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-08-12 16928] S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 RushTopDevice_J;RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080] S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448] S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AODService;AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544] R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2009-12-22 95568] R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-09-17 1355928] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424] S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-25 651720] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-08-29 407336] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log]
Tomek01 komentarz 17 września 2010 komentarz 17 września 2010 Odinstaluj Foxit toolbar, ew jeśli jest też Ask Toolbar. Widać też taki zapis: F2 - REG:system.ini: UserInit=userinit.exe Nie powinien się pojawiać w logu. Wejdź w Start/Uruchom/Regedit i odnajdź klucz: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Zapis powinien wyglądać tak: [b]C:\Windows\system32\userinit.exe,[/b] Ten przecinek na końcu jest niezbędny ! W OTL, w oknie Custom scan/fixes wklej: [code]:Processes Explorer.exe :OTL O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk = C:\Windows\SysWow64\StikyNot.exe File not found :Files C:\Windows\SysWow64\FsExService64.Exe C:\Windows\SysWow64\drivers\TFsExDisk.Sys C:\Windows\SysNative\drivers\TFsExDisk.sys C:\Windows\SysNative\drivers\MijXfilt.sys C:\Users\Robert\AppData\Roaming\MotioninJoy C:\Program Files\MotioninJoy C:\Users\Robert\AppData\Local\AskToolbar C:\Program Files (x86)\Ask.com :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440}=- :Commands [emptytemp] [start explorer] [Reboot][/code] Klikasz run fix, komputer uruchamia się ponownie. Wrzuć log z usuwania oraz nowy log OTL i RSIT. Na wirustotal przeskanuj poniższy plik: C:\Windows\SysWOW64\drivers\amlfssmm.sys
_milan_ komentarz 17 września 2010 Autor komentarz 17 września 2010 (edytowane) usuwanie [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully. C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StikyNot.exe — skrót.lnk moved successfully. ========== FILES ========== C:\Windows\SysWow64\FsExService64.Exe moved successfully. C:\Windows\SysWow64\drivers\TFsExDisk.Sys moved successfully. C:\Windows\SysNative\drivers\TFsExDisk.sys moved successfully. C:\Windows\SysNative\drivers\MijXfilt.sys moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\skins\default\images folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\skins\default folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\skins folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\javascript folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\html\english folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local\html folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\local folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update\drivers folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool\update folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy\DS3tool folder moved successfully. C:\Users\Robert\AppData\Roaming\MotioninJoy folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\skins\default\images folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\skins\default folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\skins folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\javascript folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\html\english folder moved successfully. C:\Program Files\MotioninJoy\ds3\local\html folder moved successfully. C:\Program Files\MotioninJoy\ds3\local folder moved successfully. C:\Program Files\MotioninJoy\ds3\drivers\x64 folder moved successfully. C:\Program Files\MotioninJoy\ds3\drivers folder moved successfully. C:\Program Files\MotioninJoy\ds3 folder moved successfully. C:\Program Files\MotioninJoy folder moved successfully. File\Folder C:\Users\Robert\AppData\Local\AskToolbar not found. File\Folder C:\Program Files (x86)\Ask.com not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Robert ->Temp folder emptied: 5687069 bytes ->Temporary Internet Files folder emptied: 56610621 bytes ->FireFox cache emptied: 93103194 bytes ->Flash cache emptied: 26994 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1227306 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50668 bytes RecycleBin emptied: 483560946 bytes Total Files Cleaned = 611,00 mb OTL by OldTimer - Version 3.2.12.1 log created on 09172010_223114 Files\Folders moved on Reboot... C:\Users\Robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... [/log] zaraz logi otl [log]OTL logfile created on: 2010-09-17 22:42:28 - Run 3 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 65,66 Gb Total Space | 23,75 Gb Free Space | 36,17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 100,00 Gb Total Space | 55,34 Gb Free Space | 55,34% Space Free | Partition Type: NTFS Drive N: | 300,00 Gb Total Space | 215,09 Gb Free Space | 71,70% Space Free | Partition Type: NTFS Computer Name: ROBERT-KOMPUTER Current User Name: Robert Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe PRC - [2010-09-17 00:54:43 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-09-09 04:00:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files (x86)\Tlen.pl\tlen.exe PRC - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll [color=#E56717]========== Win32 Services (All) ==========[/color] SRV:[b]64bit:[/b] - [2010-08-25 04:00:33 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:[b]64bit:[/b] - [2010-08-21 08:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:[b]64bit:[/b] - [2010-03-25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,117,584 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc) SRV:[b]64bit:[/b] - [2009-11-04 17:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:59 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:[b]64bit:[/b] - [2009-07-14 03:41:58 | 002,018,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM) SRV:[b]64bit:[/b] - [2009-07-14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:57 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum) SRV:[b]64bit:[/b] - [2009-07-14 03:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,366,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\upnphost.dll -- (upnphost) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService) SRV:[b]64bit:[/b] - [2009-07-14 03:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\uxsms.dll -- (UxSms) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS) SRV:[b]64bit:[/b] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 001,780,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sysmain.dll -- (SysMain) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:[b]64bit:[/b] - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,390,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Sens.dll -- (SENS) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b]64bit:[/b] - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:[b]64bit:[/b] - [2009-07-14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV:[b]64bit:[/b] - [2009-07-14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b]64bit:[/b] - [2009-07-14 03:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:[b]64bit:[/b] - [2009-07-14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER) SRV:[b]64bit:[/b] - [2009-07-14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b]64bit:[/b] - [2009-07-14 03:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:[b]64bit:[/b] - [2009-07-14 03:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts) SRV:[b]64bit:[/b] - [2009-07-14 03:41:13 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI) SRV:[b]64bit:[/b] - [2009-07-14 03:41:10 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) SRV:[b]64bit:[/b] - [2009-07-14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b]64bit:[/b] - [2009-07-14 03:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum) SRV:[b]64bit:[/b] - [2009-07-14 03:41:08 | 000,845,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT) SRV:[b]64bit:[/b] - [2009-07-14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV:[b]64bit:[/b] - [2009-07-14 03:40:59 | 000,776,192 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:[b]64bit:[/b] - [2009-07-14 03:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub) SRV:[b]64bit:[/b] - [2009-07-14 03:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost) SRV:[b]64bit:[/b] - [2009-07-14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV:[b]64bit:[/b] - [2009-07-14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:[b]64bit:[/b] - [2009-07-14 03:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b]64bit:[/b] - [2009-07-14 03:40:32 | 000,162,816 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\dps.dll -- (DPS) SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b]64bit:[/b] - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b]64bit:[/b] - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:[b]64bit:[/b] - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:[b]64bit:[/b] - [2009-07-14 03:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:[b]64bit:[/b] - [2009-07-14 03:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv) SRV:[b]64bit:[/b] - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:[b]64bit:[/b] - [2009-07-14 03:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:[b]64bit:[/b] - [2009-07-14 03:39:49 | 000,532,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds) SRV:[b]64bit:[/b] - [2009-07-14 03:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect) SRV:[b]64bit:[/b] - [2009-07-14 03:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP) SRV:[b]64bit:[/b] - [2009-07-14 03:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch) SRV:[b]64bit:[/b] - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC) SRV:[b]64bit:[/b] - [2009-07-14 03:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:[b]64bit:[/b] - [2009-07-14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\lsass.exe -- (EFS) SRV:[b]64bit:[/b] - [2009-07-14 03:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator) SRV:[b]64bit:[/b] - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:[b]64bit:[/b] - [2009-07-14 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp) SRV:[b]64bit:[/b] - [2009-07-14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV - [2010-09-17 00:54:42 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-08-29 02:32:13 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-08-25 18:38:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-05-09 11:44:41 | 000,696,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-12-22 04:31:02 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2009-10-22 03:49:18 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2009-07-14 03:39:48 | 000,194,048 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller) SRV - [2009-07-14 03:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2009-07-14 03:16:20 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM) Zdalne zarządzanie systemem Windows (WS-Management) SRV - [2009-07-14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc) SRV - [2009-07-14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009-07-14 03:16:18 | 000,276,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc) SRV - [2009-07-14 03:16:18 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient) SRV - [2009-07-14 03:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost) SRV - [2009-07-14 03:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost) SRV - [2009-07-14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService) SRV - [2009-07-14 03:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost) SRV - [2009-07-14 03:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV - [2009-07-14 03:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) SRV - [2009-07-14 03:16:13 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv) SRV - [2009-07-14 03:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Sens.dll -- (SENS) SRV - [2009-07-14 03:16:12 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla) SRV - [2009-07-14 03:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE) SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV - [2009-07-14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009-07-14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009-07-14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV - [2009-07-14 03:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch) SRV - [2009-07-14 03:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost) SRV - [2009-07-14 03:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV - [2009-07-14 03:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009-06-10 22:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2009-06-10 22:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-11-04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008-10-25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007-06-29 19:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2007-06-27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-04-13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (All) ==========[/color] DRV:[b]64bit:[/b] - File not found [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter) DRV:[b]64bit:[/b] - [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:[b]64bit:[/b] - [2010-07-09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:[b]64bit:[/b] - [2010-06-22 05:21:15 | 000,463,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv) DRV:[b]64bit:[/b] - [2010-06-22 05:20:50 | 000,404,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2) DRV:[b]64bit:[/b] - [2010-06-22 05:20:34 | 000,162,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet) DRV:[b]64bit:[/b] - [2010-06-14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6) DRV:[b]64bit:[/b] - [2010-06-14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip) DRV:[b]64bit:[/b] - [2010-03-25 21:30:22 | 000,173,984 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MpFilter.sys -- (MpFilter) DRV:[b]64bit:[/b] - [2010-03-25 21:30:22 | 000,040,832 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MpNWMon.sys -- (MpNWMon) DRV:[b]64bit:[/b] - [2010-02-27 09:52:29 | 000,286,720 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10) DRV:[b]64bit:[/b] - [2010-02-27 09:52:28 | 000,125,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20) DRV:[b]64bit:[/b] - [2010-02-27 09:52:22 | 000,157,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb) DRV:[b]64bit:[/b] - [2009-12-22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:[b]64bit:[/b] - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:[b]64bit:[/b] - [2009-11-24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-11-04 18:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-10-02 06:32:07 | 000,982,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl) DRV:[b]64bit:[/b] - [2009-09-30 04:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:[b]64bit:[/b] - [2009-09-19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:[b]64bit:[/b] - [2009-09-17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2009-07-27 09:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:[b]64bit:[/b] - [2009-07-14 03:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS) System Common Log (CLFS) DRV:[b]64bit:[/b] - [2009-07-14 03:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt) DRV:[b]64bit:[/b] - [2009-07-14 03:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide) DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,224,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,155,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,140,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,030,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci) DRV:[b]64bit:[/b] - [2009-07-14 03:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv) DRV:[b]64bit:[/b] - [2009-07-14 03:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp) DRV:[b]64bit:[/b] - [2009-07-14 03:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:[b]64bit:[/b] - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx) DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:[b]64bit:[/b] - [2009-07-14 03:47:47 | 000,290,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr) DRV:[b]64bit:[/b] - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,363,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,071,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4) DRV:[b]64bit:[/b] - [2009-07-14 03:45:46 | 000,075,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,183,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,104,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide) DRV:[b]64bit:[/b] - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:[b]64bit:[/b] - [2009-07-14 03:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV:[b]64bit:[/b] - [2009-07-14 03:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH) DRV:[b]64bit:[/b] - [2009-07-14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint) DRV:[b]64bit:[/b] - [2009-07-14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan) DRV:[b]64bit:[/b] - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:[b]64bit:[/b] - [2009-07-14 02:16:41 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv) DRV:[b]64bit:[/b] - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:[b]64bit:[/b] - [2009-07-14 02:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD) DRV:[b]64bit:[/b] - [2009-07-14 02:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD) DRV:[b]64bit:[/b] - [2009-07-14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP) DRV:[b]64bit:[/b] - [2009-07-14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE) DRV:[b]64bit:[/b] - [2009-07-14 02:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem) DRV:[b]64bit:[/b] - [2009-07-14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:[b]64bit:[/b] - [2009-07-14 02:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:[b]64bit:[/b] - [2009-07-14 02:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6) DRV:[b]64bit:[/b] - [2009-07-14 02:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport) Miniport WAN (PPTP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe) DRV:[b]64bit:[/b] - [2009-07-14 02:10:13 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan) DRV:[b]64bit:[/b] - [2009-07-14 02:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac) DRV:[b]64bit:[/b] - [2009-07-14 02:10:12 | 000,130,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp) Miniport WAN (L2TP) DRV:[b]64bit:[/b] - [2009-07-14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd) DRV:[b]64bit:[/b] - [2009-07-14 02:10:04 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV:[b]64bit:[/b] - [2009-07-14 02:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT) DRV:[b]64bit:[/b] - [2009-07-14 02:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi) DRV:[b]64bit:[/b] - [2009-07-14 02:09:49 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg) DRV:[b]64bit:[/b] - [2009-07-14 02:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv) DRV:[b]64bit:[/b] - [2009-07-14 02:09:42 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched) DRV:[b]64bit:[/b] - [2009-07-14 02:09:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel) DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS) DRV:[b]64bit:[/b] - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:[b]64bit:[/b] - [2009-07-14 02:09:25 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio) DRV:[b]64bit:[/b] - [2009-07-14 02:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb) Protokół TCP/IP i TCP/IPv6 zorientowany na wiadomości (sesja SMB) DRV:[b]64bit:[/b] - [2009-07-14 02:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM) DRV:[b]64bit:[/b] - [2009-07-14 02:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr) DRV:[b]64bit:[/b] - [2009-07-14 02:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio) DRV:[b]64bit:[/b] - [2009-07-14 02:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv) DRV:[b]64bit:[/b] - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:[b]64bit:[/b] - [2009-07-14 02:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP) DRV:[b]64bit:[/b] - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:[b]64bit:[/b] - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:[b]64bit:[/b] - [2009-07-14 02:07:09 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub) DRV:[b]64bit:[/b] - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:[b]64bit:[/b] - [2009-07-14 02:06:56 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus) DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth) DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM) DRV:[b]64bit:[/b] - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:[b]64bit:[/b] - [2009-07-14 02:06:45 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp) DRV:[b]64bit:[/b] - [2009-07-14 02:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy) DRV:[b]64bit:[/b] - [2009-07-14 02:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR) DRV:[b]64bit:[/b] - [2009-07-14 02:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR) DRV:[b]64bit:[/b] - [2009-07-14 02:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass) DRV:[b]64bit:[/b] - [2009-07-14 02:06:30 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci) DRV:[b]64bit:[/b] - [2009-07-14 02:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci) DRV:[b]64bit:[/b] - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb) DRV:[b]64bit:[/b] - [2009-07-14 02:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci) DRV:[b]64bit:[/b] - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:[b]64bit:[/b] - [2009-07-14 02:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr) DRV:[b]64bit:[/b] - [2009-07-14 02:06:22 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb) DRV:[b]64bit:[/b] - [2009-07-14 02:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud) DRV:[b]64bit:[/b] - [2009-07-14 02:06:13 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus) DRV:[b]64bit:[/b] - [2009-07-14 02:06:06 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd) DRV:[b]64bit:[/b] - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:[b]64bit:[/b] - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:[b]64bit:[/b] - [2009-07-14 02:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen) DRV:[b]64bit:[/b] - [2009-07-14 02:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc) DRV:[b]64bit:[/b] - [2009-07-14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy) DRV:[b]64bit:[/b] - [2009-07-14 02:01:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd) DRV:[b]64bit:[/b] - [2009-07-14 02:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk) DRV:[b]64bit:[/b] - [2009-07-14 02:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc) DRV:[b]64bit:[/b] - [2009-07-14 02:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk) DRV:[b]64bit:[/b] - [2009-07-14 02:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport) DRV:[b]64bit:[/b] - [2009-07-14 02:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial) DRV:[b]64bit:[/b] - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:[b]64bit:[/b] - [2009-07-14 02:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum) DRV:[b]64bit:[/b] - [2009-07-14 02:00:20 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid) DRV:[b]64bit:[/b] - [2009-07-14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid) DRV:[b]64bit:[/b] - [2009-07-14 02:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse) DRV:[b]64bit:[/b] - [2009-07-14 02:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk) DRV:[b]64bit:[/b] - [2009-07-14 02:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV) DRV:[b]64bit:[/b] - [2009-07-14 02:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE) DRV:[b]64bit:[/b] - [2009-07-14 02:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK) DRV:[b]64bit:[/b] - [2009-07-14 02:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM) DRV:[b]64bit:[/b] - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:[b]64bit:[/b] - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:[b]64bit:[/b] - [2009-07-14 01:47:45 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV) DRV:[b]64bit:[/b] - [2009-07-14 01:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor) DRV:[b]64bit:[/b] - [2009-07-14 01:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave) DRV:[b]64bit:[/b] - [2009-07-14 01:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga) DRV:[b]64bit:[/b] - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:[b]64bit:[/b] - [2009-07-14 01:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive) DRV:[b]64bit:[/b] - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev) DRV:[b]64bit:[/b] - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:[b]64bit:[/b] - [2009-07-14 01:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi) DRV:[b]64bit:[/b] - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:[b]64bit:[/b] - [2009-07-14 01:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv) DRV:[b]64bit:[/b] - [2009-07-14 01:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace) DRV:[b]64bit:[/b] - [2009-07-14 01:24:10 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss) DRV:[b]64bit:[/b] - [2009-07-14 01:23:57 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV) DRV:[b]64bit:[/b] - [2009-07-14 01:23:50 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser) DRV:[b]64bit:[/b] - [2009-07-14 01:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC) DRV:[b]64bit:[/b] - [2009-07-14 01:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:[b]64bit:[/b] - [2009-07-14 01:22:20 | 000,751,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP) DRV:[b]64bit:[/b] - [2009-07-14 01:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD) DRV:[b]64bit:[/b] - [2009-07-14 01:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT) DRV:[b]64bit:[/b] - [2009-07-14 01:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx) DRV:[b]64bit:[/b] - [2009-07-14 01:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy) DRV:[b]64bit:[/b] - [2009-07-14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt) DRV:[b]64bit:[/b] - [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom) DRV:[b]64bit:[/b] - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:[b]64bit:[/b] - [2009-07-14 01:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor) DRV:[b]64bit:[/b] - [2009-06-10 22:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm) DRV:[b]64bit:[/b] - [2009-06-10 22:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV:[b]64bit:[/b] - [2009-06-10 22:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer) DRV:[b]64bit:[/b] - [2009-06-10 22:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo) DRV:[b]64bit:[/b] - [2009-06-10 22:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp) DRV:[b]64bit:[/b] - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:[b]64bit:[/b] - [2008-11-04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune) DRV:[b]64bit:[/b] - [2008-08-28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010-08-12 14:15:22 | 000,016,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009-12-22 04:31:02 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009-10-22 03:49:14 | 000,021,048 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-03-05 06:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J) DRV - [2008-12-27 04:21:10 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter) DRV - [2008-12-19 04:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro) DRV - [2006-08-28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3611173932-2121784299-3744245936-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-09-09 04:00:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-09-09 04:00:26 | 000,000,000 | ---D | M] [2010-08-25 00:34:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions [2010-09-17 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\7pcj8uok.default\extensions [2010-08-25 00:34:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-08-25 19:39:54 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneLauncher.exe () O4:[b]64bit:[/b] - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3611173932-2121784299-3744245936-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3611173932-2121784299-3744245936-1001..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKU\S-1-5-21-3611173932-2121784299-3744245936-1001..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3611173932-2121784299-3744245936-1001\..Trusted Domains: mks.com.pl ([www] https in Zaufane witryny) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:[b]64bit:[/b] AppMgmt - Service SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - Service SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-09-17 22:38:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\stare logi [2010-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\_OTL [2010-09-17 21:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010-09-17 21:45:10 | 000,000,000 | ---D | C] -- C:\rsit [2010-09-17 21:29:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010-09-17 20:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010-09-17 00:54:47 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-09-17 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Sunbelt Software [2010-09-17 00:51:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010-09-17 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010-09-17 00:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010-09-16 23:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2010-09-14 06:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2010-09-12 03:19:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010-09-12 03:17:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\MotioninJoy_050002_amd64 [2010-09-12 02:00:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka10.09.10 praca [2010-09-11 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-11 21:59:34 | 001,093,632 | ---- | C] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-10 18:04:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010-09-10 18:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010-09-10 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2010-09-09 19:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010-09-06 18:10:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010-09-05 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010-09-05 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C} [2010-09-05 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ClipboardManager [2010-09-05 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConventer Samsung Monte [2010-09-04 12:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2010-09-03 20:08:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Videos [2010-09-03 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\SelfMV [2010-09-03 19:58:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Samsung [2010-09-03 19:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010-09-03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:56:10 | 000,161,280 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdm.sys [2010-09-03 19:56:10 | 000,128,000 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bserd.sys [2010-09-03 19:56:10 | 000,127,488 | ---- | C] (MCCI) -- C:\Windows\SysNative\drivers\ss_bbus.sys [2010-09-03 19:56:10 | 000,018,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwhnt.sys [2010-09-03 19:56:10 | 000,015,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bwh.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcmnt.sys [2010-09-03 19:56:10 | 000,015,360 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bcm.sys [2010-09-03 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG [2010-09-03 19:55:45 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010-09-03 19:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-09-03 19:55:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-09-03 19:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010-09-03 19:51:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-09-03 19:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2010-09-03 19:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2010-09-03 19:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2010-09-03 19:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung [2010-09-01 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft Games [2010-09-01 00:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2010-08-31 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2010-08-31 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Alcohol 120% [2010-08-31 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Easy CD-DA Extractor [2010-08-31 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy CD-DA Extractor [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Easy CD-DA Extractor 12 [2010-08-31 16:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 12 [2010-08-29 12:09:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ElevatedDiagnostics [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010-08-29 02:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-08-29 02:24:50 | 000,000,000 | ---D | C] -- C:\Half-Life 2 [2010-08-29 02:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010-08-28 23:22:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Last.fm [2010-08-28 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Canon [2010-08-28 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\magisterka [2010-08-28 09:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay [2010-08-28 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps [2010-08-27 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Games [2010-08-27 22:03:55 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Prey [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-08-26 01:48:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bentley Shared [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Bentley [2010-08-26 01:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bentley [2010-08-26 00:57:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2010-08-26 00:15:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mathsoft [2010-08-26 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Ahead [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010-08-26 00:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2010-08-25 21:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2010-08-25 21:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010-08-25 21:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010-08-25 21:35:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010-08-25 21:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2010-08-25 21:34:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010-08-25 21:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2010-08-25 20:41:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Player Classic [2010-08-25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\robert 2 [2010-08-25 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Robert PRACA MGR [2010-08-25 20:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010-08-25 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI [2010-08-25 20:17:35 | 000,000,000 | ---D | C] -- C:\ATI [2010-08-25 19:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2010-08-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010-08-25 19:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010-08-25 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010-08-25 18:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010-08-25 18:42:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Autodesk [2010-08-25 18:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Projects [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Civil 3D Project Templates [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-25 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Autodesk [2010-08-25 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoCAD Civil 3D 2010 [2010-08-25 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs [2010-08-25 18:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2010-08-25 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2010-08-25 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2010-08-25 17:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2010-08-25 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations [2010-08-25 17:22:21 | 000,421,888 | ---- | C] (NVIDIA) -- C:\Windows\nvsulib.dll [2010-08-25 17:22:21 | 000,018,216 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclk64.sys [2010-08-25 17:22:21 | 000,006,912 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclock.sys [2010-08-25 17:22:20 | 001,622,016 | ---- | C] (NVIDIA) -- C:\Windows\NVBenchMarks.dll [2010-08-25 17:22:20 | 000,380,928 | ---- | C] (NVIDIA) -- C:\Windows\ntuneoem.dll [2010-08-25 17:22:20 | 000,045,056 | ---- | C] (NVIDIA) -- C:\Windows\NTuneGpu.dll [2010-08-25 17:22:20 | 000,028,672 | ---- | C] (NVIDIA) -- C:\Windows\AutoTuneScript.dll [2010-08-25 17:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI [2010-08-25 17:10:35 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2010-08-25 17:10:35 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll [2010-08-25 17:10:35 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2010-08-25 17:10:35 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2010-08-25 17:10:35 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll [2010-08-25 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2010-08-25 17:09:41 | 000,058,880 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2010-08-25 17:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2010-08-25 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010-08-25 17:04:36 | 000,121,872 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys [2010-08-25 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\skróty [2010-08-25 16:28:55 | 000,021,480 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys [2010-08-25 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010-08-25 06:55:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010-08-25 04:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010-08-25 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010-08-25 03:41:19 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010-08-25 01:46:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Sony Corporation [2010-08-25 01:27:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-08-25 01:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathcad [2010-08-25 01:21:04 | 000,827,392 | R--- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash.ocx [2010-08-25 01:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEC [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\mpvthook.dll [2010-08-25 01:19:33 | 000,143,872 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\mpvthook.dll [2010-08-25 01:19:33 | 000,014,848 | ---- | C] (Samsung Electronics, Inc.) -- C:\Windows\SysNative\drivers\magicpvt.sys [2010-08-25 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicRotation [2010-08-25 01:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2010-08-25 01:18:11 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2010-08-25 01:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTune Premium [2010-08-25 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\InstallShield [2010-08-25 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Macromedia [2010-08-25 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Adobe [2010-08-25 00:38:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Mozilla [2010-08-25 00:34:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mozilla [2010-08-25 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010-08-25 00:31:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-25 00:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet [2010-08-25 00:29:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\WinRAR [2010-08-25 00:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2010-08-25 00:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tlen.pl [2010-08-25 00:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tlen.pl [2010-08-25 00:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPI-PROJEKT [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2010-08-25 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010-08-25 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-25 00:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000 [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010-08-25 00:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-08-24 23:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010-08-24 23:20:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Help [2010-08-24 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010-08-24 23:07:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-08-24 23:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2010-08-24 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-08-24 22:59:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Ahead [2010-08-24 22:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead [2010-08-24 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Diagnostics [2010-08-24 19:01:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft Games [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\ATI [2010-08-24 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ATI [2010-08-24 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-08-24 18:56:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-08-24 18:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-08-24 18:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010-08-24 17:39:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-24 01:37:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-08-24 01:37:24 | 000,000,000 | -HSD | C] -- C:\Boot [2010-08-24 00:46:07 | 000,000,000 | R--D | C] -- C:\Users\Robert\Searches [2010-08-24 00:45:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Identities [2010-08-24 00:45:54 | 000,000,000 | R--D | C] -- C:\Users\Robert\Contacts [2010-08-24 00:45:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\VirtualStore [2010-08-24 00:45:45 | 000,000,000 | --SD | C] -- C:\Users\Robert\AppData\Roaming\Microsoft [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Videos [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Saved Games [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Pictures [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Music [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Links [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Favorites [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Downloads [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Documents [2010-08-24 00:45:45 | 000,000,000 | R--D | C] -- C:\Users\Robert\Desktop [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Ustawienia lokalne [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Temporary Internet Files [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Szablony [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\SendTo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Recent [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\PrintHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\NetHood [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje wideo [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moje obrazy [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Moje dokumenty [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Documents\Moja muzyka [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Menu Start [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Historia [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\AppData\Local\Dane aplikacji [2010-08-24 00:45:45 | 000,000,000 | -HSD | C] -- C:\Users\Robert\Cookies [2010-08-24 00:45:45 | 000,000,000 | -H-D | C] -- C:\Users\Robert\AppData [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Temp [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Microsoft [2010-08-24 00:45:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Media Center Programs [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2010-08-24 00:45:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2010-08-24 00:40:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-08-24 00:38:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010-08-24 00:38:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-09-17 22:41:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010-09-17 22:40:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-09-17 22:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-09-17 22:40:04 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2010-09-17 22:32:21 | 002,621,440 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT [2010-09-17 22:32:18 | 004,845,466 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db [2010-09-17 22:30:30 | 003,672,054 | ---- | M] () -- C:\Users\Robert\Desktop\rejestr.bmp [2010-09-17 21:44:53 | 000,339,991 | ---- | M] () -- C:\Users\Robert\Desktop\RSIT.exe [2010-09-17 21:29:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2010-09-17 21:18:55 | 082,168,735 | ---- | M] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:49:22 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-09-17 20:14:33 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 00:51:48 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:30:58 | 036,217,292 | ---- | M] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-15 17:56:39 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-09-15 17:56:39 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-09-15 17:56:39 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-09-15 17:56:39 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-09-15 17:56:39 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-09-14 06:05:17 | 000,006,144 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-11 21:59:35 | 001,093,632 | ---- | M] (Karol Winnicki) -- C:\Users\Robert\Desktop\BESTplayer.exe [2010-09-08 16:13:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010-09-07 00:06:33 | 000,000,595 | ---- | M] () -- C:\Users\Robert\Documents\ax_files.xml [2010-09-05 02:42:11 | 000,007,605 | ---- | M] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-03 19:50:28 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | M] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | M] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | M] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | M] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | M] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | M] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:18 | 000,000,703 | ---- | M] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | M] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:45:55 | 000,000,652 | ---- | M] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 22:03:55 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2010-08-27 20:14:03 | 000,001,468 | ---- | M] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 15:59:57 | 000,501,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-08-26 01:57:14 | 000,001,233 | ---- | M] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | M] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-26 00:14:10 | 000,140,464 | ---- | M] () -- C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT [2010-08-25 22:06:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | M] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:53:45 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini [2010-08-25 18:38:15 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | M] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:54 | 000,000,673 | ---- | M] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 16:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | M] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:19:33 | 000,000,108 | ---- | M] () -- C:\Windows\SysNative\driver.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-24 23:07:38 | 000,001,000 | ---- | M] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 19:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 19:06:59 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 01:37:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-08-24 00:45:45 | 000,000,020 | -HS- | M] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-08-24 00:40:57 | 000,064,519 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-08-24 00:39:51 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-08-12 14:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010-08-12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-09-17 22:33:50 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010-09-17 22:30:30 | 003,672,054 | ---- | C] () -- C:\Users\Robert\Desktop\rejestr.bmp [2010-09-17 21:44:51 | 000,339,991 | ---- | C] () -- C:\Users\Robert\Desktop\RSIT.exe [2010-09-17 21:17:06 | 082,168,735 | ---- | C] () -- C:\Users\Robert\Desktop\tgs_gt5_2.wmv [2010-09-17 20:14:33 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010-09-17 17:53:11 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010-09-17 00:51:48 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010-09-17 00:49:08 | 000,001,268 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk [2010-09-16 20:28:48 | 036,217,292 | ---- | C] () -- C:\Users\Robert\Desktop\t_thelastguardian_tgs10_trailer_hd.wmv [2010-09-14 06:08:51 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010-09-05 02:42:11 | 000,007,605 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg [2010-09-04 12:15:59 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010-09-03 20:07:42 | 000,006,144 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-09-03 19:50:28 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010-09-01 00:12:22 | 000,001,888 | ---- | C] () -- C:\Users\Robert\Desktop\Gears of War.lnk [2010-08-31 16:56:39 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Easy CD-DA Extractor.lnk [2010-08-30 18:46:27 | 000,000,764 | ---- | C] () -- C:\Users\Robert\Desktop\Prey.lnk [2010-08-30 18:45:50 | 000,000,570 | ---- | C] () -- C:\Users\Robert\Desktop\DeSmuME.lnk [2010-08-30 18:45:33 | 000,000,749 | ---- | C] () -- C:\Users\Robert\Desktop\Dolphin.lnk [2010-08-30 18:45:08 | 000,001,321 | ---- | C] () -- C:\Users\Robert\Desktop\Portal.lnk [2010-08-30 18:44:36 | 000,000,941 | ---- | C] () -- C:\Users\Robert\Desktop\Steam.lnk [2010-08-30 18:03:12 | 000,000,021 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\.dolphinx64wd [2010-08-28 23:35:06 | 000,000,703 | ---- | C] () -- C:\Users\Robert\Desktop\Downoloads.lnk [2010-08-28 10:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Robert\Sti_Trace.log [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010-08-28 02:38:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf [2010-08-28 01:50:25 | 000,001,484 | ---- | C] () -- C:\Users\Robert\Desktop\foobar2000.lnk [2010-08-28 01:46:03 | 000,000,652 | ---- | C] () -- C:\Users\Robert\Desktop\Filmy.lnk [2010-08-27 20:13:45 | 000,001,468 | ---- | C] () -- C:\Users\Robert\Desktop\napisy.lnk [2010-08-26 01:57:14 | 000,001,233 | ---- | C] () -- C:\Users\Robert\Desktop\Pobrane.lnk [2010-08-26 01:47:28 | 000,001,234 | ---- | C] () -- C:\Users\Robert\Desktop\MicroStation.lnk [2010-08-25 22:06:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010-08-25 20:31:52 | 000,001,554 | ---- | C] () -- C:\Users\Robert\Desktop\MILANINA.lnk [2010-08-25 19:39:58 | 000,000,595 | ---- | C] () -- C:\Users\Robert\Documents\ax_files.xml [2010-08-25 18:38:15 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Civil 3D 2010.lnk [2010-08-25 18:37:01 | 000,002,649 | ---- | C] () -- C:\Users\Robert\Desktop\AutoCAD 2010.lnk [2010-08-25 18:10:24 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-08-25 17:31:42 | 000,000,673 | ---- | C] () -- C:\Users\Robert\Desktop\Muzyka.lnk [2010-08-25 17:22:21 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2010-08-25 16:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-08-25 01:45:46 | 000,002,404 | ---- | C] () -- C:\Users\Robert\Documents\SEC Natural color pro. August 25 2010 - 01 45 AM.icm [2010-08-25 01:21:05 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2010-08-25 01:19:33 | 000,000,108 | ---- | C] () -- C:\Windows\SysNative\driver.dat [2010-08-25 01:19:33 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\magicpvt.dat [2010-08-25 00:34:12 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-08-25 00:14:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010-08-24 23:07:38 | 000,001,000 | ---- | C] () -- C:\Users\Robert\Desktop\Cyber-shot Viewer.lnk [2010-08-24 01:37:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-08-24 01:37:24 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010-08-24 00:45:45 | 002,621,440 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-08-24 00:45:45 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-08-24 00:45:45 | 000,262,144 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG1 [2010-08-24 00:45:45 | 000,065,536 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-08-24 00:45:45 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\ntuser.ini [2010-08-24 00:45:45 | 000,000,000 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG2 [2010-08-24 00:39:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-08-24 00:38:08 | 1609,965,568 | -HS- | C] () -- C:\hiberfil.sys [2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009-11-09 04:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2009-11-09 04:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2009-11-09 04:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2009-11-09 04:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-08-28 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk [2010-08-26 01:48:06 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bentley [2010-09-11 22:05:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BESTplayer [2010-09-17 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BitComet [2010-08-28 10:41:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canon [2010-09-17 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\foobar2000 [2010-08-24 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Foxit Software [2010-08-25 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IrfanView [2010-08-25 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mathsoft [2010-09-03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PC Suite [2010-09-03 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Samsung [2010-08-25 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tlen.pl [2010-09-17 22:41:17 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009-07-14 07:08:49 | 000,020,710 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-09-17 22:40:03 | 000,001,116 | ---- | M] () -- C:\aaw7boot.log [2010-09-03 19:50:28 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-08-24 01:37:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-09-17 22:40:04 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2010-09-16 23:39:03 | 000,007,530 | ---- | M] () -- C:\mksbasel.cpp.log [2006-12-01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2010-09-17 22:40:03 | 2146,623,488 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report > [/log] info [log]info.txt logfile of random's system information tool 1.08 2010-09-17 22:48:21 ======Uninstall list====== -->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {E9EA2604-8AC9-47D2-8F4B-6BF60787A357} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0415-1000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} 2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {79EB535E-76E4-4356-8146-A24EE55AB69D} Ad-Aware-->"C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228} Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86} Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD} ALLConventer 1.1 + skin s5620-->C:\Program Files (x86)\ALLConventer Samsung Monte\Uninstal.exe AMD OverDrive-->MsiExec.exe /X{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5} Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\SETUP.EXE" -runfromtemp -l0x0015 -removeonly ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E} AutoCAD Civil 3D 2010 - Polski-->C:\Program Files (x86)\AutoCAD Civil 3D 2010\Setup\Setup.exe /P {5783F2D7-8000-0415-0002-0060B0CE6BBA} /M ACAD /language pl-PL AutoCAD Civil 3D 2010 - Polski-->C:\Program Files (x86)\AutoCAD Civil 3D 2010\Setup\Setup.exe /P {5783F2D7-8000-0415-0002-0060B0CE6BBA} /M C3D /language pl-PL Autodesk Design Review 2010-->C:\Program Files (x86)\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR Bentley MicroStation PowerDraft XM Edition 08.09.04.51-->MsiExec.exe /I{EE01A751-1DB9-43F1-8747-F81E7477BFDA} BitComet 1.22-->C:\Program Files (x86)\BitComet\uninst.exe Canon MP Navigator EX 1.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 1.0\uninst.ini Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45} CDisplay 1.8-->"C:\Program Files (x86)\CDisplay\unins000.exe" Easy CD-DA Extractor 12-->"C:\Windows\Easy CD-DA Extractor 12\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml" foobar2000 v1.1-->"C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000 Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe Gears of War-->C:\Program Files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409 HydraVision-->MsiExec.exe /X{C6B29F03-4D97-3B4E-D906-70958E6B1448} IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\setup.exe" -runfromtemp -l0x0415 -removeonly Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47} K-Lite Codec Pack 6.0.4 (Basic)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" MagicRotation-->C:\Program Files (x86)\InstallShield Installation Information\{31DBA23B-55DA-48F5-B5B4-A031B722F648}\setup.exe -runfromtemp -l0x0009 -removeonly MagicTunePremium-->C:\Program Files (x86)\InstallShield Installation Information\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}\setup.exe -runfromtemp -l0x0015 -removeonly Mathcad 14 Help-->MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6} Mathcad 14 Resource Center-->MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC} Mathcad 14-->MsiExec.exe /I{E666A69B-A76D-43D5-AF28-4B2150A6EDE2} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F} Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE} Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE} Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE} Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE} Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE} Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE} Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE} Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual Basic Power Packs 3.0-->MsiExec.exe /I{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} NapiProjekt 1.0.6.9-->"C:\Program Files (x86)\NAPI-PROJEKT\unins000.exe" Natural Color Pro-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9 Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301045} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OverclockingCenter-->"C:\Program Files (x86)\MSI\OverclockingCenter\unins000.exe" PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8} PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe PIXMA Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R Prey-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly Rejestracja użytkownika drukarki Canon MP220 series-->C:\Program Files (x86)\Canon\IJEREG\MP220 series\UNINST.EXE Revo Uninstaller 1.89-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE} Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA} Skaner on-line mks_vir-->C:\Windows\system32\SkanerOnlineUninstall.exe Sony Picture Utility-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Tlen.pl-->"C:\Program Files (x86)\Tlen.pl\uninstall.exe" Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8} VIA Platforma Menedżera urządzeń-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" ======Hosts File====== 127.0.0.1 serial.alcohol-soft.com 127.0.0.1 www.alcohol-soft.com 127.0.0.1 images.alcohol-soft.com 127.0.0.1 trial.alcohol-soft.com 127.0.0.1 alcohol-soft.com ======System event log====== Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Cryptographic Services weszła w stan stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20090714051424.262212-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Modules Installer weszła w stan stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20090714051424.168612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Software Protection weszła w stan stopped. Record Number: 3 Source Name: Service Control Manager Time Written: 20090714051424.059412-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Windows Event Log weszła w stan stopped. Record Number: 2 Source Name: Service Control Manager Time Written: 20090714051424.012612-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 7036 Message: Usługa Volume Shadow Copy weszła w stan stopped. Record Number: 1 Source Name: Service Control Manager Time Written: 20090714051423.934612-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247E29-32 Event Code: 900 Message: Usługa ochrony oprogramowania jest uruchamiana. Record Number: 5 Source Name: Microsoft-Windows-Security-SPP Time Written: 20100823224026.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20100823223851.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20100823223847.000000-000 Event Type: Informacje User: Computer Name: 37L4247E29-32 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100823223843.288893-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247E29-32 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20100823223843.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223830.730871-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247E29-32$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1c0 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223830.730871-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x3090a Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223824.147660-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223821.558055-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100823223821.402055-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=3 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0502 -----------------EOF----------------- [/log] log [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Robert at 2010-09-17 22:48:14 Microsoft Windows 7 Home Premium System drive C: has 24 GB (36%) free of 67 GB Total RAM: 2047 MB (44% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:48:19, on 2010-09-17 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Tlen.pl\tlen.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Users\Robert\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Robert.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe O4 - HKCU\..\Run: [Komunikator] C:\Program Files (x86)\Tlen.pl\tlen.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 7369 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Weekly).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-09 2762240] "DelReg"=C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [2008-12-04 196608] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304] "ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200] "MagicRotation"=C:\Program Files (x86)\MagicRotation\MagicPvt.exe [2009-06-19 1286144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Komunikator"=C:\Program Files (x86)\Tlen.pl\tlen.exe [2009-01-17 5853672] "AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] "KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .scr - open - C:\Windows\SysWOW64\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 2 months====== 2010-09-17 22:31:14 ----D---- C:\_OTL 2010-09-17 21:45:10 ----D---- C:\rsit 2010-09-17 21:45:10 ----D---- C:\Program Files (x86)\trend micro 2010-09-17 20:14:36 ----D---- C:\Program Files (x86)\Microsoft Antimalware 2010-09-17 00:51:50 ----HDC---- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70} 2010-09-17 00:51:28 ----D---- C:\ProgramData\Lavasoft 2010-09-17 00:51:28 ----D---- C:\Program Files (x86)\Lavasoft 2010-09-17 00:49:03 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-09-17 00:49:03 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2010-09-15 22:58:07 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-09-14 06:08:51 ----A---- C:\Windows\SysWOW64\unrar.dll 2010-09-14 06:08:50 ----D---- C:\Program Files (x86)\K-Lite Codec Pack 2010-09-11 22:00:07 ----D---- C:\Users\Robert\AppData\Roaming\BESTplayer 2010-09-10 18:04:27 ----D---- C:\Windows\SysWOW64\xlive 2010-09-10 18:04:23 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2010-09-10 18:03:50 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2010-09-09 19:16:10 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-09-06 18:10:27 ----D---- C:\Windows\Minidump 2010-09-05 20:30:44 ----D---- C:\Program Files (x86)\VS Revo Group 2010-09-05 14:38:12 ----D---- C:\Program Files (x86)\ALLConventer Samsung Monte 2010-09-04 12:15:58 ----D---- C:\Program Files (x86)\PDFCreator 2010-09-04 12:15:58 ----A---- C:\Windows\SysWOW64\MSMPIDE.DLL 2010-09-03 19:58:58 ----D---- C:\ProgramData\PC Suite 2010-09-03 19:58:57 ----D---- C:\Users\Robert\AppData\Roaming\PC Suite 2010-09-03 19:53:03 ----D---- C:\Program Files (x86)\PC Connectivity Solution 2010-09-03 19:51:20 ----D---- C:\Users\Robert\AppData\Roaming\Samsung 2010-09-03 19:50:30 ----D---- C:\Program Files (x86)\MarkAny 2010-09-03 19:50:29 ----D---- C:\ProgramData\Samsung 2010-09-03 19:50:22 ----D---- C:\Program Files (x86)\Samsung 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files\Samsung 2010-09-01 00:28:42 ----D---- C:\Users\Robert\AppData\Roaming\Microsoft Games 2010-09-01 00:09:32 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games 2010-08-31 23:47:48 ----D---- C:\Program Files (x86)\Microsoft Games 2010-08-31 16:56:38 ----D---- C:\ProgramData\Easy CD-DA Extractor 2010-08-31 16:56:37 ----D---- C:\Windows\Easy CD-DA Extractor 12 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Steam 2010-08-29 02:31:03 ----D---- C:\Program Files (x86)\Common Files\Steam 2010-08-29 02:24:50 ----D---- C:\Half-Life 2 2010-08-29 02:12:26 ----D---- C:\ProgramData\TEMP 2010-08-28 10:41:15 ----D---- C:\Users\Robert\AppData\Roaming\Canon 2010-08-28 09:33:10 ----D---- C:\Program Files (x86)\CDisplay 2010-08-27 22:03:55 ----A---- C:\Windows\SysWOW64\CmdLineExt.dll 2010-08-27 22:02:11 ----D---- C:\Program Files (x86)\Prey 2010-08-26 01:48:06 ----D---- C:\Users\Robert\AppData\Roaming\Bentley 2010-08-26 01:47:00 ----D---- C:\ProgramData\Bentley 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Common Files\Bentley Shared 2010-08-26 01:47:00 ----D---- C:\Program Files (x86)\Bentley 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll 2010-08-26 01:00:46 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll 2010-08-26 01:00:45 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll 2010-08-26 01:00:44 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll 2010-08-26 01:00:43 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll 2010-08-26 01:00:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll 2010-08-26 01:00:39 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll 2010-08-26 01:00:38 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll 2010-08-26 01:00:37 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-08-26 01:00:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-08-26 01:00:35 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-08-26 01:00:34 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-08-26 01:00:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-08-26 01:00:32 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-08-26 01:00:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-08-26 01:00:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-08-26 01:00:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-08-26 01:00:28 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-08-26 01:00:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-08-26 01:00:26 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-08-26 01:00:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-08-26 01:00:23 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-08-26 01:00:22 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-08-26 01:00:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-08-26 01:00:20 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-08-26 01:00:19 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-08-26 01:00:18 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-08-26 01:00:17 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll 2010-08-26 01:00:16 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-08-26 01:00:15 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-08-26 01:00:14 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-08-26 01:00:12 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-08-26 01:00:11 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-08-26 01:00:10 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-08-26 00:57:25 ----D---- C:\Windows\SysWOW64\directx 2010-08-26 00:09:59 ----D---- C:\Users\Robert\AppData\Roaming\Ahead 2010-08-26 00:09:08 ----D---- C:\ProgramData\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Nero 2010-08-26 00:09:08 ----D---- C:\Program Files (x86)\Common Files\Ahead 2010-08-25 21:40:55 ----D---- C:\ProgramData\CanonIJPLM 2010-08-25 21:35:28 ----HD---- C:\ProgramData\CanonBJ 2010-08-25 21:34:28 ----D---- C:\Program Files (x86)\Canon 2010-08-25 20:41:43 ----D---- C:\Users\Robert\AppData\Roaming\Media Player Classic 2010-08-25 20:24:15 ----D---- C:\ProgramData\ATI 2010-08-25 20:20:58 ----D---- C:\Program Files (x86)\ATI 2010-08-25 20:17:35 ----D---- C:\ATI 2010-08-25 19:46:41 ----D---- C:\Program Files (x86)\Microsoft Works 2010-08-25 19:46:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 2010-08-25 19:46:04 ----D---- C:\Windows\PCHEALTH 2010-08-25 19:46:04 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-08-25 19:37:04 ----D---- C:\Program Files (x86)\Alcohol Soft 2010-08-25 18:43:49 ----D---- C:\ProgramData\FLEXnet 2010-08-25 18:38:06 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared 2010-08-25 18:31:27 ----D---- C:\Users\Robert\AppData\Roaming\Autodesk 2010-08-25 18:31:27 ----D---- C:\Civil 3D Projects 2010-08-25 18:31:27 ----D---- C:\Civil 3D Project Templates 2010-08-25 18:30:59 ----D---- C:\Program Files (x86)\AutoCAD Civil 3D 2010 2010-08-25 18:30:52 ----D---- C:\ProgramData\Autodesk 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft Visual Basic 2005 Power Packs 2010-08-25 18:29:13 ----D---- C:\Program Files (x86)\Microsoft SDKs 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-08-25 18:29:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-08-25 18:29:07 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-08-25 18:28:36 ----D---- C:\Program Files (x86)\Common Files\Designer 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared 2010-08-25 18:27:51 ----D---- C:\Program Files (x86)\Autodesk 2010-08-25 17:56:01 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-08-25 17:23:28 ----D---- C:\Program Files (x86)\AMD 2010-08-25 17:22:21 ----A---- C:\Windows\ver5.5.14.0.txt 2010-08-25 17:22:21 ----A---- C:\Windows\nvsulib.dll 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclock.sys 2010-08-25 17:22:21 ----A---- C:\Windows\nvoclk64.sys 2010-08-25 17:22:21 ----A---- C:\Windows\Nvgpio.dll 2010-08-25 17:22:21 ----A---- C:\Windows\NVGfxOgl.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NVBenchMarks.dll 2010-08-25 17:22:20 ----A---- C:\Windows\ntuneoem.dll 2010-08-25 17:22:20 ----A---- C:\Windows\NTuneGpu.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcr71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\msvcp71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\MFC71.dll 2010-08-25 17:22:20 ----A---- C:\Windows\AutoTuneScript.dll 2010-08-25 17:22:19 ----D---- C:\Program Files (x86)\MSI 2010-08-25 17:10:20 ----N---- C:\Windows\difxapi.dll 2010-08-25 17:10:19 ----D---- C:\Program Files (x86)\VIA 2010-08-25 17:09:23 ----D---- C:\Windows\SysWOW64\Atheros_L1e 2010-08-25 06:55:11 ----D---- C:\Windows\SysWOW64\Wat 2010-08-25 04:04:38 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-08-25 04:02:02 ----D---- C:\Program Files (x86)\MSXML 4.0 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-08-25 04:01:10 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-08-25 03:41:41 ----D---- C:\Program Files (x86)\Microsoft Office 2010-08-25 03:41:19 ----RHD---- C:\MSOCache 2010-08-25 03:05:39 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-08-25 03:05:37 ----A---- C:\Windows\SysWOW64\ntdll.dll 2010-08-25 03:05:36 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-25 03:05:31 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-08-25 03:05:30 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-08-25 03:05:28 ----A---- C:\Windows\SysWOW64\wmploc.DLL 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc_isv.dll 2010-08-25 03:05:26 ----A---- C:\Windows\SysWOW64\secproc.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe 2010-08-25 03:05:25 ----A---- C:\Windows\SysWOW64\RMActivate.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2010-08-25 03:05:24 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe 2010-08-25 03:05:16 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-08-25 03:05:15 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-08-25 03:05:13 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-08-25 03:05:04 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-08-25 03:04:57 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-25 03:04:56 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-25 03:04:55 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-25 03:04:54 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-25 03:04:53 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-25 03:04:51 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-08-25 03:04:51 ----A---- C:\Windows\explorer.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\wow32.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\user.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\setup16.exe 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2010-08-25 03:04:50 ----A---- C:\Windows\SysWOW64\instnm.exe 2010-08-25 03:04:49 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-25 03:04:41 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-25 03:04:38 ----A---- C:\Windows\SysWOW64\CPFilters.dll 2010-08-25 03:04:37 ----A---- C:\Windows\SysWOW64\psisdecd.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-08-25 03:04:36 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-25 03:04:33 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-08-25 03:04:30 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-08-25 03:04:26 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-08-25 03:04:25 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-08-25 03:04:24 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-08-25 01:46:46 ----D---- C:\Users\Robert\AppData\Roaming\Sony Corporation 2010-08-25 01:27:38 ----D---- C:\Users\Robert\AppData\Roaming\Mathsoft 2010-08-25 01:26:31 ----A---- C:\Windows\MC14_RC_IS_Log.txt 2010-08-25 01:26:07 ----D---- C:\Program Files (x86)\Mathcad 2010-08-25 01:26:04 ----A---- C:\Windows\MC14_Help_IS_Log.txt 2010-08-25 01:25:12 ----A---- C:\Windows\MC14_IS_LOG.txt 2010-08-25 01:21:05 ----A---- C:\Windows\SysWOW64\drivers\MTictwl.sys 2010-08-25 01:21:01 ----D---- C:\Program Files (x86)\SEC 2010-08-25 01:19:33 ----D---- C:\Program Files (x86)\MagicRotation 2010-08-25 01:19:33 ----A---- C:\Windows\mpvthook.dll 2010-08-25 01:19:14 ----D---- C:\ProgramData\InstallShield 2010-08-25 01:17:49 ----D---- C:\Program Files (x86)\MagicTune Premium 2010-08-25 01:17:41 ----D---- C:\Users\Robert\AppData\Roaming\InstallShield 2010-08-25 00:40:27 ----D---- C:\Users\Robert\AppData\Roaming\Macromedia 2010-08-25 00:40:26 ----D---- C:\Users\Robert\AppData\Roaming\Adobe 2010-08-25 00:38:56 ----D---- C:\Windows\SysWOW64\Macromed 2010-08-25 00:34:14 ----D---- C:\Users\Robert\AppData\Roaming\Mozilla 2010-08-25 00:34:10 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-25 00:31:26 ----D---- C:\Users\Robert\AppData\Roaming\BitComet 2010-08-25 00:31:25 ----D---- C:\Program Files (x86)\BitComet 2010-08-25 00:29:17 ----D---- C:\Users\Robert\AppData\Roaming\WinRAR 2010-08-25 00:27:24 ----D---- C:\Users\Robert\AppData\Roaming\Tlen.pl 2010-08-25 00:27:24 ----D---- C:\ProgramData\Tlen.pl 2010-08-25 00:27:19 ----D---- C:\Program Files (x86)\Tlen.pl 2010-08-25 00:26:54 ----D---- C:\Program Files (x86)\NAPI-PROJEKT 2010-08-25 00:26:02 ----D---- C:\Users\Robert\AppData\Roaming\IrfanView 2010-08-25 00:26:02 ----D---- C:\Program Files (x86)\IrfanView 2010-08-25 00:25:09 ----D---- C:\Program Files (x86)\Foxit Software 2010-08-25 00:24:35 ----D---- C:\Users\Robert\AppData\Roaming\foobar2000 2010-08-25 00:24:31 ----D---- C:\Program Files (x86)\foobar2000 2010-08-25 00:14:25 ----D---- C:\ProgramData\Alwil Software 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-08-25 00:12:01 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-08-24 23:20:38 ----D---- C:\ProgramData\Microsoft Help 2010-08-24 23:07:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-24 23:07:37 ----D---- C:\Program Files (x86)\Sony 2010-08-24 23:05:52 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-08-24 22:58:58 ----D---- C:\ProgramData\Ahead 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-08-24 22:57:12 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-08-24 18:58:09 ----D---- C:\Users\Robert\AppData\Roaming\ATI 2010-08-24 18:56:40 ----D---- C:\Program Files (x86)\ATI Technologies 2010-08-24 18:56:39 ----SHD---- C:\Windows\Installer 2010-08-24 17:39:39 ----D---- C:\Users\Robert\AppData\Roaming\Foxit Software 2010-08-24 01:37:37 ----D---- C:\Windows\Panther 2010-08-24 01:37:25 ----RASH---- C:\BOOTSECT.BAK 2010-08-24 01:37:24 ----SHD---- C:\Boot 2010-08-24 00:45:56 ----D---- C:\Users\Robert\AppData\Roaming\Identities 2010-08-24 00:45:45 ----SD---- C:\Users\Robert\AppData\Roaming\Microsoft 2010-08-24 00:45:45 ----D---- C:\Users\Robert\AppData\Roaming\Media Center Programs 2010-08-24 00:45:33 ----SHD---- C:\Recovery 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Ulubione 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Szablony 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Pulpit 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Menu Start 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dokumenty 2010-08-24 00:45:33 ----SHD---- C:\ProgramData\Dane aplikacji 2010-08-24 00:40:54 ----D---- C:\Windows\SoftwareDistribution 2010-08-24 00:38:26 ----D---- C:\Windows\Prefetch 2010-08-24 00:38:09 ----ASH---- C:\pagefile.sys 2010-08-24 00:38:08 ----SHD---- C:\System Volume Information 2010-08-24 00:38:08 ----ASH---- C:\hiberfil.sys ======List of files/folders modified in the last 2 months====== 2010-09-17 22:47:36 ----D---- C:\Windows\Temp 2010-09-17 22:41:17 ----D---- C:\Windows\Tasks 2010-09-17 22:31:15 ----RD---- C:\Program Files 2010-09-17 22:31:15 ----D---- C:\Windows\SysWOW64\drivers 2010-09-17 22:31:15 ----D---- C:\Windows\SysWOW64 2010-09-17 22:25:20 ----RD---- C:\Program Files (x86) 2010-09-17 20:43:17 ----HD---- C:\ProgramData 2010-09-17 20:14:36 ----SD---- C:\ProgramData\Microsoft 2010-09-17 20:10:57 ----D---- C:\Windows 2010-09-17 17:57:31 ----D---- C:\Windows\System32 2010-09-17 00:51:19 ----D---- C:\Windows\winsxs 2010-09-16 23:32:17 ----D---- C:\Windows\Downloaded Program Files 2010-09-15 17:56:38 ----D---- C:\Windows\inf 2010-09-10 18:02:56 ----RSD---- C:\Windows\assembly 2010-09-09 22:25:52 ----D---- C:\PerfLogs 2010-09-06 20:58:48 ----D---- C:\Windows\Registration 2010-09-03 19:50:11 ----D---- C:\Program Files (x86)\Common Files 2010-08-30 20:00:04 ----D---- C:\Windows\Logs 2010-08-30 18:01:13 ----D---- C:\Windows\LiveKernelReports 2010-08-26 17:33:25 ----D---- C:\Windows\rescache 2010-08-26 00:13:30 ----RSD---- C:\Windows\Fonts 2010-08-26 00:13:28 ----D---- C:\Windows\ShellNew 2010-08-26 00:09:32 ----D---- C:\Windows\ehome 2010-08-25 21:40:15 ----RSD---- C:\Windows\Media 2010-08-25 21:35:25 ----D---- C:\Windows\twain_32 2010-08-25 20:02:02 ----D---- C:\Windows\debug 2010-08-25 19:54:30 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-08-25 19:54:29 ----D---- C:\Program Files (x86)\MSBuild 2010-08-25 19:53:47 ----D---- C:\Program Files (x86)\Common Files\System 2010-08-25 19:53:45 ----A---- C:\Windows\win.ini 2010-08-25 19:08:35 ----D---- C:\Windows\AppPatch 2010-08-25 18:39:51 ----D---- C:\Windows\Help 2010-08-25 18:38:59 ----D---- C:\Windows\Microsoft.NET 2010-08-25 06:55:17 ----D---- C:\Program Files (x86)\Windows Media Player 2010-08-25 06:55:16 ----D---- C:\Program Files (x86)\Windows Mail 2010-08-25 06:55:15 ----D---- C:\Windows\SysWOW64\migration 2010-08-25 06:55:15 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-25 03:59:30 ----D---- C:\Windows\SysWOW64\pl-PL 2010-08-24 00:45:54 ----SHD---- C:\$Recycle.Bin 2010-08-24 00:45:42 ----RD---- C:\Users ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [] R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2006-08-28 13312] R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [] R3 AODDriver;AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048] R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 18136] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [] S3 aw7t6n6r;aw7t6n6r; C:\Windows\SysWOW64\drivers\aw7t6n6r.sys [] S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2008-12-27 44344] S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-08-12 16928] S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 RushTopDevice_J;RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080] S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [] S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [] S3 usbscan;Sterownik skanera USB; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AODService;AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544] R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2009-12-22 95568] R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-09-17 1355928] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424] S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-25 651720] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-08-29 407336] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log] nie znalazłem tego pliku do zeskanowania w wirus total a wpis w rejestrze miał przecinek gdy go chciałem wyedytować w czasie skanowania komp mi sie zawiesil z góry dzieki za pomoc tomek
Tomek01 komentarz 17 września 2010 komentarz 17 września 2010 Wygląda czysto. Profilaktycznie wykonaj pełny skan [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] oraz [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i wyniki podaj na forum.
_milan_ komentarz 17 września 2010 Autor komentarz 17 września 2010 w szybkim skanowaniu dr web nic nie wykrył, zrobie jeszcze pełne, ale to pewnie jutro wrzuce. panie doktorze, czy jest szansa ze pacjent bedzie zył? była juz taka przypadłość?
Tomek01 komentarz 17 września 2010 komentarz 17 września 2010 A czy coś się zmieniło w zachowaniu systemu ?
_milan_ komentarz 18 września 2010 Autor komentarz 18 września 2010 na razie działa ale głowy nie dam ze zaraz sie zawiesi aha, dr web w szybkim znalazł na koncu zmodyfikowane pliki hosts, i zaproponowal zamiane na normlane, podejrzewajac ze moga to byc pliki szkodliwe, nacisnalem tak. Nie lubie takich pytan, bo nie wiem czy dobrze robie teraz skanuje tym drugim, pelne, wiec pewnie zostawie na noc.pełny malwarebytes nic nie znalazł, system na razie chodzi gicior. Troche sie przestraszyłem , bo pojawily sie różne ukryte katalogi wszedzie, np. documents and settings oznaczone kłódką, i po probie wejscia wyskakiwało odmowa dostepu cos tam cos tam, , na innych partycjach pokazały sie kosze i inne peirdoly, no ale odhaczyłem "nie pokazuj ukrytych plików" i wszystko wyglada jak poprzednio to normlane z tym folderem ukrytym d&s na dysku c? jutro jeszcze zeskanuje pelnym doktorkiem, pozdro!wsyzstko na razie chodzi jak w zegarku, wielkie dzięki Tomek01, jur da men.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.