maniak93, posted 3 December 2010

Hello,

I have a problem installing the AVG Free Edition 2011 antivirus.

The system I use: Windows Server 2008r2

Message that pops up during installation:
- Severity: Error
- Error code: 0xC0070643
- Error information: General internal error.
- Additional message: An internal error occurred in the MSI Engine application.
- Context: Gathering information about custom options.

The situation is as follows: until today I had been using AVG Free Edition 2011 for quite a long time, but for the past few days a 'general error' message had been popping up during updates. Today I decided to reinstall AVG Free Edition 2011, so I downloaded the 64-bit version of the program from the AVG website (my system is 64-bit). During installation, after the window in which you choose one of the options 'Quick install' or 'Custom install', the message given above pops up (I am attaching a screenshot of this message).

After a cursory search of the internet, I found information on the Slovenian AVG forum: http://forums.avg.com/sk-sk/avg-free-forum?sec=thread&act=show&id=118297 However, the information presented there turned out to be unhelpful. I also used the AVG Remover x64 tool, but to no effect.

I think I have given all the information that may help in solving my problem. I do not use the system commercially: the school I attend runs (or takes part in) the DreamSpark project, which makes it possible, among other things, to use Windows Server 2008r2 legally and free of charge. It did of course cross my mind that the antivirus may not be installing because it detects a system that is as a rule used for commercial purposes, but as I wrote above, I had been using the same antivirus for about 2 months and everything was OK; perhaps AVG introduced a patch.

So, please help.

PS. I tried installing trial versions of AVG Anti-Virus 2011, but the same problem occurs.
Logs from OTL (I don't know whether they will help here, but the rules require them): [log]
C:\Users\Administrator\Documents\Downloads [2010-11-18 15:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010-11-15 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\matma [2010-11-15 15:19:46 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2010-11-15 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations [2010-11-14 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2010-11-14 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX [2010-11-14 10:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010-11-14 10:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010-11-14 10:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010-11-14 10:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010-11-14 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\gctmp [2010-11-14 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xenocode [2010-11-14 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR [2010-11-13 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin [2010-11-13 20:47:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\GTA San Andreas User Files [2010-11-12 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer [2010-11-12 14:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2010-11-11 22:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010-11-11 14:31:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics [2010-11-10 22:43:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Activision [2010-11-10 22:37:18 | 000,000,000 | 
-HSD | C] -- C:\Windows\ftpcache [2010-11-10 19:52:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment [2010-11-10 19:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010-11-10 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard [2010-11-10 17:30:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games [2010-11-09 20:53:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ArmA 2 OA DEMO [2010-11-08 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\marek_firefox [2010-11-08 17:55:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2010-11-08 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\EurekaLog [2010-11-07 19:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited [2010-11-07 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2010-11-07 18:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2010-11-07 15:02:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2010-11-07 14:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010-11-07 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010-11-07 14:50:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tibia [2010-11-07 13:48:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\DOSBox [2010-11-07 13:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74 [2010-11-07 13:33:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LogMeIn Hamachi [2010-11-07 11:42:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe [2010-11-06 11:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool [2010-11-06 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.VirtualBox [2010-11-06 11:09:22 | 000,000,000 | 
---D | C] -- C:\Windows\SysNative\DRVSTORE [2010-11-06 10:41:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\WapSter [2010-11-05 23:20:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2010-11-05 23:16:49 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010-11-05 21:53:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010-11-05 21:53:22 | 000,000,000 | -HSD | C] -- C:\Boot [2010-11-05 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0 [2010-11-05 19:19:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.thumbnails [2010-11-05 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\gegl-0.0 [2010-11-05 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gimp-2.6 [2010-11-05 19:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2010-11-05 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios [2010-11-05 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Stronghold 2 [2010-11-05 18:06:48 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010-11-05 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\skypePM [2010-11-05 17:34:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010-11-05 17:34:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype [2010-11-05 17:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010-11-05 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010-11-05 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010-11-05 16:10:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TS3Client [2010-11-05 16:08:40 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real [2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Real [2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2010-11-05 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Leadertech [2010-11-05 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2010-11-05 16:03:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2010-11-05 16:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2010-11-05 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech [2010-11-05 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd [2010-11-05 16:01:54 | 000,000,000 | ---D | C] -- C:\totalcmd [2010-11-05 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GHISLER [2010-11-05 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Thunderbird [2010-11-05 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Thunderbird [2010-11-05 15:43:38 | 003,879,288 | ---- | C] (Sysinternals - 
www.sysinternals.com) -- C:\Users\Administrator\Desktop\procexp.exe [2010-11-05 15:43:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2010-11-05 15:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2010-11-05 15:40:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop\screeny [2010-11-05 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu [2010-11-05 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Gadu-Gadu [2010-11-05 15:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery [2010-11-05 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2010-11-05 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010-11-05 15:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices [2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\inetpub [2010-11-05 14:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010-11-05 14:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010-11-05 14:36:24 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop\Pobrane - Firefox [2010-11-05 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2010-11-05 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2010-11-05 14:30:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010-11-05 14:25:18 | 000,000,000 | ---D | C] -- C:\Program 
Files\ATI [2010-11-05 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010-11-05 14:22:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010-11-05 13:51:51 | 000,236,544 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2010-11-05 13:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010-11-05 13:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2010-11-05 13:49:58 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2010-11-05 13:49:58 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2010-11-05 13:49:55 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010-11-05 13:49:55 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2010-11-05 13:49:55 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010-11-05 13:49:54 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010-11-05 13:49:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2010-11-05 13:49:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2010-11-05 13:49:47 | 000,311,296 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010-11-05 13:49:45 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2010-11-05 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2010-11-05 13:49:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010-11-05 13:49:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010-11-05 13:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigabyte [2010-11-05 13:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010-11-05 13:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\pl-PL [2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL [2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\pl-PL [2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pl [2010-11-05 13:22:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pl [2010-11-05 13:20:08 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\pl-PL\pscr.sys.mui [2010-11-05 13:20:04 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrSerIb.sys.mui [2010-11-05 13:20:03 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrSerId.sys.mui [2010-11-05 13:20:03 | 000,002,560 | ---- | C] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\pl-PL\BrParwdm.sys.mui [2010-11-05 13:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2010-11-05 13:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Photo Viewer [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Photo Viewer [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\twain_32 [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\LogFiles [2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2010-11-05 12:58:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010-11-05 12:58:25 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2010-11-05 12:58:25 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2010-11-05 12:58:25 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- 
C:\Users\Administrator\Recent [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data [2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data [2010-11-05 12:58:14 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2010-11-05 12:58:14 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData [2010-11-05 12:58:14 | 000,000,000 | ---D | C] -- 
C:\Users\Administrator\AppData\Local\Temp [2010-11-05 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2010-11-05 12:57:38 | 000,000,000 | -HSD | C] -- C:\Recovery [2010-11-05 12:54:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-10-27 03:52:12 | 000,478,208 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2010-10-27 03:51:36 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2010-10-27 03:50:28 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2010-10-27 03:49:52 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-12-03 18:15:52 | 002,621,440 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT [2010-12-03 17:52:11 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010-12-03 17:52:11 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010-12-03 17:49:21 | 001,767,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010-12-03 17:49:21 | 000,777,844 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2010-12-03 17:49:21 | 000,686,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010-12-03 17:49:21 | 000,171,448 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2010-12-03 17:49:21 | 000,132,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010-12-03 17:49:02 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2010-12-03 17:44:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-12-03 17:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-12-03 17:43:41 | 005,265,818 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2010-12-03 17:30:17 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2010-12-03 17:30:17 | 
000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2010-12-02 17:30:58 | 000,195,694 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20101202_173027.reg [2010-12-02 17:30:10 | 200,512,338 | ---- | M] () -- C:\Users\Administrator\Desktop\0210.reg [2010-12-02 17:27:57 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-12-02 17:03:03 | 000,000,960 | ---- | M] () -- C:\Users\Administrator\Desktop\RegCleaner.lnk [2010-11-30 21:44:33 | 000,022,115 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel [2010-11-30 21:39:00 | 000,000,558 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010-11-30 20:33:54 | 000,489,691 | ---- | M] () -- C:\Users\Administrator\Desktop\Matma.jpg [2010-11-30 20:19:09 | 000,000,614 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2010-11-30 14:46:29 | 005,046,552 | ---- | M] () -- C:\Users\Administrator\Desktop\matma.rar [2010-11-28 19:11:13 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer [2010-11-28 18:06:52 | 000,000,937 | ---- | M] () -- C:\Users\Administrator\Desktop\BFBC2.lnk [2010-11-28 16:46:04 | 000,000,902 | ---- | M] () -- C:\Users\Administrator\Desktop\WoW - Molten.lnk [2010-11-25 21:28:15 | 000,000,684 | ---- | M] () -- C:\Users\Administrator\Desktop\samp.lnk [2010-11-23 12:56:50 | 000,001,229 | ---- | M] () -- C:\Users\Administrator\Desktop\czero_polish.lnk [2010-11-21 20:00:11 | 000,091,797 | ---- | M] () -- C:\Users\Administrator\maniek.jpg [2010-11-21 19:06:47 | 000,363,047 | ---- | M] () -- C:\Users\Administrator\Desktop\hist.jpg [2010-11-21 19:06:45 | 000,450,667 | ---- | M] () -- C:\Users\Administrator\Desktop\hist2.jpg [2010-11-21 19:06:43 | 000,337,167 | ---- | M] () -- C:\Users\Administrator\Desktop\hist3.jpg [2010-11-21 17:47:00 | 001,332,981 | ---- | M] () -- C:\Users\Administrator\Desktop\Hista.rar [2010-11-21 10:58:51 | 000,000,668 | ---- | M] () -- C:\Users\Administrator\Desktop\Jed's Half-Life Model Viewer.lnk [2010-11-21 10:34:53 | 000,297,656 | ---- 
| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010-11-20 20:13:34 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2010-11-20 17:17:06 | 000,066,872 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT [2010-11-20 17:05:38 | 000,000,546 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk [2010-11-18 15:58:16 | 000,012,711 | ---- | M] () -- C:\Users\Administrator\Desktop\mareksyp.xcf [2010-11-17 11:56:24 | 000,001,350 | ---- | M] () -- C:\Users\Administrator\Desktop\SaveGames - CRYSIS.lnk [2010-11-17 11:46:58 | 000,000,611 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk [2010-11-16 19:45:39 | 000,001,018 | ---- | M] () -- C:\Users\Administrator\Desktop\Crysis WARHEAD.lnk [2010-11-15 15:14:35 | 000,001,142 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010-11-14 22:32:51 | 000,007,606 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2010-11-14 10:38:48 | 000,000,530 | ---- | M] () -- C:\Users\Administrator\Desktop\Fraps.lnk [2010-11-14 10:28:04 | 000,000,757 | ---- | M] () -- C:\Users\Administrator\Desktop\Movies - fraps.lnk [2010-11-12 17:28:07 | 000,000,898 | ---- | M] () -- C:\Users\Administrator\Desktop\HTCHome.lnk [2010-11-11 12:41:44 | 000,000,817 | ---- | M] () -- C:\Users\Administrator\Desktop\CoD 5.lnk [2010-11-08 17:05:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-11-07 14:51:37 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010-11-07 14:35:48 | 000,000,515 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2010-11-07 13:48:17 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2010-11-06 12:06:33 | 000,001,447 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010-11-06 11:26:55 | 000,001,243 | ---- | M] () -- 
C:\Users\Administrator\Desktop\cstrike_polish.lnk [2010-11-06 11:09:34 | 000,000,570 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2010-11-06 11:09:34 | 000,000,570 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2010-11-06 10:41:37 | 000,000,375 | ---- | M] () -- C:\Users\Administrator\Desktop\AQQ.lnk [2010-11-06 10:41:36 | 000,000,375 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom AQQ.lnk [2010-11-05 23:19:57 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl [2010-11-05 21:53:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-05 19:09:51 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010-11-05 18:06:48 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010-11-05 17:35:49 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-11-05 17:34:39 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-05 17:29:56 | 000,000,897 | ---- | M] () -- C:\Users\Administrator\Desktop\Stronghold2.lnk [2010-11-05 17:29:45 | 000,000,538 | ---- | M] () -- C:\Users\Administrator\Desktop\NEEDS EMULATION.lnk [2010-11-05 16:56:17 | 000,000,198 | ---- | M] () -- C:\Users\Administrator\Desktop\Condition Zero.url [2010-11-05 16:55:38 | 000,000,198 | ---- | M] () -- C:\Users\Administrator\Desktop\Counter-Strike.url [2010-11-05 16:55:07 | 000,000,541 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010-11-05 16:10:31 | 001,741,884 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010-11-05 16:09:18 | 000,000,592 | ---- | M] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk [2010-11-05 16:01:56 | 000,000,638 | ---- | M] () -- C:\Users\Administrator\Desktop\Total Commander.lnk [2010-11-05 16:00:52 | 000,000,576 | ---- | M] () -- C:\Users\Administrator\Desktop\PhotoFiltre.lnk [2010-11-05 15:56:41 | 
000,000,694 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2010-11-05 15:50:18 | 000,000,584 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TB-Tray.lnk [2010-11-05 15:50:18 | 000,000,584 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TB-Tray.lnk [2010-11-05 15:49:45 | 000,000,694 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2010-11-05 15:40:02 | 000,000,576 | ---- | M] () -- C:\Users\Administrator\Desktop\Lightscreen.lnk [2010-11-05 15:31:26 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\DesignPro 5.lnk [2010-11-05 15:30:46 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-05 15:30:46 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-05 15:15:09 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010-11-05 14:24:07 | 000,000,590 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010-11-05 14:21:50 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2010-11-05 13:22:07 | 000,337,158 | ---- | M] () -- C:\Windows\SysNative\perfi015.dat [2010-11-05 13:22:07 | 000,038,710 | ---- | M] () -- C:\Windows\SysNative\perfd015.dat [2010-11-05 13:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010-11-05 13:14:21 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-05 13:14:21 | 000,000,705 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 6.lnk [2010-11-05 13:05:02 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini [2010-11-05 12:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-11-05 12:58:15 | 000,524,288 | -HS- | M] () -- 
C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-11-05 12:58:15 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-11-05 12:58:15 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini [2010-11-05 12:56:37 | 000,049,361 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010-11-05 12:56:37 | 000,049,361 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010-10-27 03:55:34 | 000,099,504 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2010-10-27 03:52:12 | 000,478,208 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2010-10-27 03:51:36 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2010-10-27 03:50:28 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2010-10-27 03:49:52 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2010-10-27 03:14:58 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll [2010-10-27 02:54:52 | 000,653,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2010-10-27 02:49:46 | 000,653,056 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-03 17:49:02 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2010-12-03 17:30:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2010-12-03 17:30:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2010-12-02 17:30:34 | 000,195,694 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20101202_173027.reg [2010-12-02 17:29:46 | 200,512,338 | ---- | C] () -- C:\Users\Administrator\Desktop\0210.reg [2010-12-02 17:27:57 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010-12-02 17:03:03 | 000,000,960 | ---- | C] () -- C:\Users\Administrator\Desktop\RegCleaner.lnk [2010-11-30 21:44:33 | 000,022,115 | ---- | C] () -- 
C:\Users\Administrator\.recently-used.xbel [2010-11-30 21:39:00 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010-11-30 20:32:08 | 000,489,691 | ---- | C] () -- C:\Users\Administrator\Desktop\Matma.jpg [2010-11-30 20:19:09 | 000,000,614 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk [2010-11-30 14:46:05 | 005,046,552 | ---- | C] () -- C:\Users\Administrator\Desktop\matma.rar [2010-11-28 19:11:13 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer [2010-11-28 18:06:52 | 000,000,937 | ---- | C] () -- C:\Users\Administrator\Desktop\BFBC2.lnk [2010-11-28 16:46:04 | 000,000,902 | ---- | C] () -- C:\Users\Administrator\Desktop\WoW - Molten.lnk [2010-11-25 21:28:15 | 000,000,684 | ---- | C] () -- C:\Users\Administrator\Desktop\samp.lnk [2010-11-25 09:06:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010-11-23 12:56:50 | 000,001,229 | ---- | C] () -- C:\Users\Administrator\Desktop\czero_polish.lnk [2010-11-21 19:49:18 | 000,091,797 | ---- | C] () -- C:\Users\Administrator\maniek.jpg [2010-11-21 17:47:14 | 000,450,667 | ---- | C] () -- C:\Users\Administrator\Desktop\hist2.jpg [2010-11-21 17:47:14 | 000,363,047 | ---- | C] () -- C:\Users\Administrator\Desktop\hist.jpg [2010-11-21 17:47:14 | 000,337,167 | ---- | C] () -- C:\Users\Administrator\Desktop\hist3.jpg [2010-11-21 17:46:43 | 001,332,981 | ---- | C] () -- C:\Users\Administrator\Desktop\Hista.rar [2010-11-21 10:58:51 | 000,000,668 | ---- | C] () -- C:\Users\Administrator\Desktop\Jed's Half-Life Model Viewer.lnk [2010-11-20 17:05:38 | 000,000,546 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk [2010-11-18 15:58:16 | 000,012,711 | ---- | C] () -- C:\Users\Administrator\Desktop\mareksyp.xcf [2010-11-17 11:56:24 | 000,001,350 | ---- | C] () -- C:\Users\Administrator\Desktop\SaveGames - CRYSIS.lnk [2010-11-16 19:45:39 | 000,001,018 | ---- | C] () -- C:\Users\Administrator\Desktop\Crysis 
WARHEAD.lnk [2010-11-15 15:14:35 | 000,001,142 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010-11-14 10:28:04 | 000,000,757 | ---- | C] () -- C:\Users\Administrator\Desktop\Movies - fraps.lnk [2010-11-14 10:23:45 | 000,000,530 | ---- | C] () -- C:\Users\Administrator\Desktop\Fraps.lnk [2010-11-14 10:07:43 | 000,428,614 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7677.txt [2010-11-14 10:07:43 | 000,011,488 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7677.txt [2010-11-12 17:28:07 | 000,000,898 | ---- | C] () -- C:\Users\Administrator\Desktop\HTCHome.lnk [2010-11-11 12:41:44 | 000,000,817 | ---- | C] () -- C:\Users\Administrator\Desktop\CoD 5.lnk [2010-11-10 18:04:54 | 000,000,611 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk [2010-11-08 17:05:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010-11-07 15:01:34 | 000,419,406 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI3471.txt [2010-11-07 15:01:34 | 000,011,494 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI3471.txt [2010-11-07 14:51:37 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010-11-07 14:35:48 | 000,000,515 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk [2010-11-07 13:48:17 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2010-11-06 11:26:55 | 000,001,243 | ---- | C] () -- C:\Users\Administrator\Desktop\cstrike_polish.lnk [2010-11-06 11:20:20 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010-11-06 11:20:20 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010-11-06 11:09:34 | 000,000,570 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2010-11-06 11:09:34 | 000,000,570 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2010-11-06 10:55:51 | 000,007,606 | ---- | C] () 
-- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg [2010-11-06 10:41:37 | 000,000,375 | ---- | C] () -- C:\Users\Administrator\Desktop\AQQ.lnk [2010-11-06 10:41:36 | 000,000,375 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom AQQ.lnk [2010-11-05 23:19:57 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl [2010-11-05 23:09:20 | 000,112,640 | ---- | C] () -- C:\Windows\lsb_un20.exe [2010-11-05 21:53:23 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010-11-05 21:53:22 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010-11-05 19:09:51 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010-11-05 17:35:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010-11-05 17:34:39 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010-11-05 17:29:56 | 000,000,897 | ---- | C] () -- C:\Users\Administrator\Desktop\Stronghold2.lnk [2010-11-05 17:29:45 | 000,000,538 | ---- | C] () -- C:\Users\Administrator\Desktop\NEEDS EMULATION.lnk [2010-11-05 16:56:17 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\Desktop\Condition Zero.url [2010-11-05 16:55:38 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\Desktop\Counter-Strike.url [2010-11-05 16:51:40 | 000,000,541 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010-11-05 16:09:18 | 000,000,592 | ---- | C] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk [2010-11-05 16:02:46 | 000,392,752 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46FD.txt [2010-11-05 16:02:44 | 000,014,122 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46FD.txt [2010-11-05 16:01:56 | 000,000,638 | ---- | C] () -- C:\Users\Administrator\Desktop\Total Commander.lnk [2010-11-05 16:01:55 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2010-11-05 16:01:55 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF 
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2010-11-05 16:00:52 | 000,000,576 | ---- | C] () -- C:\Users\Administrator\Desktop\PhotoFiltre.lnk [2010-11-05 15:50:18 | 000,000,584 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TB-Tray.lnk [2010-11-05 15:50:18 | 000,000,584 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TB-Tray.lnk [2010-11-05 15:49:45 | 000,000,694 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2010-11-05 15:49:45 | 000,000,694 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2010-11-05 15:40:02 | 000,000,576 | ---- | C] () -- C:\Users\Administrator\Desktop\Lightscreen.lnk [2010-11-05 15:31:26 | 000,001,571 | ---- | C] () -- C:\Users\Public\Desktop\DesignPro 5.lnk [2010-11-05 15:30:46 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010-11-05 15:30:46 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010-11-05 15:15:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010-11-05 15:05:04 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2010-11-05 15:05:04 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2010-11-05 15:05:04 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2010-11-05 15:05:04 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2010-11-05 14:53:07 | 001,741,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010-11-05 14:21:17 | 000,000,590 | RHS- | C] () -- 
C:\ProgramData\ntuser.pol [2010-11-05 14:09:04 | 000,000,675 | ---- | C] () -- C:\Users\Administrator\volshext.log [2010-11-05 13:52:01 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2010-11-05 13:48:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010-11-05 13:22:39 | 000,777,844 | ---- | C] () -- C:\Windows\SysNative\perfh015.dat [2010-11-05 13:22:39 | 000,337,158 | ---- | C] () -- C:\Windows\SysNative\perfi015.dat [2010-11-05 13:22:39 | 000,171,448 | ---- | C] () -- C:\Windows\SysNative\perfc015.dat [2010-11-05 13:22:39 | 000,038,710 | ---- | C] () -- C:\Windows\SysNative\perfd015.dat [2010-11-05 13:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010-11-05 13:14:21 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010-11-05 13:14:21 | 000,000,705 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 6.lnk [2010-11-05 13:10:41 | 000,001,447 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010-11-05 13:01:32 | 005,265,818 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db [2010-11-05 12:58:40 | 000,066,872 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT [2010-11-05 12:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010-11-05 12:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010-11-05 12:58:15 | 000,262,144 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG1 [2010-11-05 12:58:15 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010-11-05 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini 
[2010-11-05 12:58:15 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG2 [2010-11-05 12:58:14 | 002,621,440 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT [2010-11-05 12:58:14 | 000,001,304 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Server Manager.lnk [2010-11-05 12:58:14 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2010-11-05 12:58:14 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2010-10-27 03:55:34 | 000,099,504 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2010-10-27 02:54:52 | 000,653,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2010-10-27 02:49:46 | 000,653,056 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2009-07-14 05:57:55 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2009-07-14 05:57:55 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2009-07-14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009-07-14 03:34:57 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini [2009-07-14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010-11-05 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2010-11-08 16:32:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog [2010-11-05 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu [2010-11-18 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo [2010-11-05 22:02:46 | 000,000,000 | ---D | M] -- 
C:\Users\Administrator\AppData\Roaming\GHISLER [2010-11-30 15:44:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0 [2010-11-19 16:21:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software [2010-11-05 16:04:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech [2010-11-07 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org [2010-11-13 22:39:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin [2010-11-12 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer [2010-11-05 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird [2010-11-07 14:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tibia [2010-11-05 16:10:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client [2010-11-07 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG10 [2009-07-14 06:06:36 | 000,026,158 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010-11-05 21:53:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010-11-05 13:52:24 | 000,000,010 | ---- | M] () -- C:\csb.log [2010-11-05 13:52:13 | 000,000,190 | ---- | M] () -- C:\Install.log [2010-12-03 17:44:25 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys [2010-11-05 13:50:14 | 000,003,176 | ---- | M] () -- C:\RHDSetup.log [2010-12-03 18:15:55 | 000,000,200 | ---- | M] () -- C:\service.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < End of report >[/log] [log]OTL Extras logfile created on: 2010-12-03 18:14:24 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop\Pobrane - Firefox 64bit- Server Enterprise Edition (full installation) (Version = 6.1.7600) - Type = NTServer Internet Explorer (Version = 9.0.7930.16406) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 20,00 Gb Total Space | 2,22 Gb Free Space | 11,12% Space Free | Partition Type: NTFS Drive D: | 100,00 Gb Total Space | 19,69 Gb Free Space | 19,69% Space Free | Partition Type: NTFS Drive E: | 50,00 Gb Total Space | 31,38 Gb Free Space | 62,77% Space Free | Partition Type: NTFS Drive F: | 120,00 Gb Total Space | 8,61 Gb Free Space | 7,17% Space Free | Partition Type: NTFS Drive G: | 80,00 Gb Total Space | 53,24 Gb Free Space | 66,55% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: Administrator | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_USERS\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- G:\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET 
Framework 4 Extended "{AB048BF4-6AD7-450B-9538-0DF2C9229840}" = Oracle VM VirtualBox 3.2.6 "{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SP6" = Logitech SetPoint 6.15 "Speccy" = Speccy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{33DE82AC-A35F-4f41-AC10-7932D5F12528}" = Harry Potter and the Order of the Phoenix™ Demo "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish "{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = 
Test Drive Unlimited "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "DivX Setup.divx.com" = DivX Setup "Fraps" = Fraps (remove only) "InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "JDownloader" = JDownloader "Jed's Half-Life Model Viewer" = Jed's Half-Life Model Viewer 1.3.6 "Lightscreen" = Lightscreen "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 4.0b7 (x86 pl)" = Mozilla Firefox 4.0b7 (x86 pl) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "PhotoFiltre" = PhotoFiltre "RealAlt_is1" = Real Alternative 1.9.0 "Steam App 10" = Counter-Strike "Steam App 80" = Counter-Strike: Condition Zero "TeamViewer 5" = TeamViewer 5 "Thunderbird-Tray" = Thunderbird-Tray "Tibia_is1" = Tibia "TmNationsForever_is1" = TmNationsForever "Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812 "Totalcmd" = Total Commander (Remove or Repair) "TreeSize Free_is1" = TreeSize Free V2.5 "VLC media player" = VLC media player 1.1.5 "WinGimp-2.0_is1" = GIMP 2.6.7 "World of Warcraft" = World of Warcraft [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"Crysis WARHEAD(R)" = Crysis WARHEAD(R) "TeamSpeak 3 Client" = TeamSpeak 3 Client [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-12-01 16:26:57 | Computer Name = marek | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "g:\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "g:\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2010-12-02 09:09:09 | Computer Name = marek | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "g:\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "g:\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2010-12-02 09:46:14 | Computer Name = marek | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe_iphlpsvc, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x398 Godzina uruchomienia aplikacji powodującej błąd: 0x01cb921c62915f68 Ścieżka aplikacji powodującej błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 874bb443-fe1a-11df-b7f8-00241ddd9ec0 Error - 2010-12-02 11:31:47 | Computer Name = marek | Source = Application Hang | ID = 1002 Description = Program explorer.exe w wersji 6.1.7600.16450 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: 634 Godzina rozpoczęcia: 01cb9234b2f840d5 Godzina zakończenia: 13376 Ścieżka aplikacji: C:\Windows\explorer.exe Identyfikator raportu: 3d144fb6-fe29-11df-b8ca-00241ddd9ec0 Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Main Service. Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Backup Service. Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Tasks Service. Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit.Core.Configurator. Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Control. Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Update Service. 
< End of report > [/log] RSIT: [code]info.txt logfile of random's system information tool 1.08 2010-12-03 18:15:56 ======Uninstall list====== Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.4.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001} Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67} Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0415 Counter-Strike: Condition Zero-->"D:\Steam\steam.exe" steam://uninstall/80 Counter-Strike-->"D:\Steam\steam.exe" steam://uninstall/10 Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4} DesignPro 5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DF57E946-4885-4EEA-A958-D5F82CB21B99} DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com EasySaver B9.0904.1 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} Feedback Tool-->MsiExec.exe /I{90024193-9F13-4877-89D5-A1CDF0CBBF28} Fraps (remove only)-->"G:\Fraps\uninstall.exe" GIMP 2.6.7-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe" GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly Harry Potter and the Order of the Phoenix™ Demo-->D:\Harry Potter i Zakon Feniksa\EAUninstall.exe Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->G:\Jdownloader\uninstall.exe Jed's Half-Life Model Viewer 1.3.6-->G:\Jed's Half-Life Model Viewer 1.3.6\uninst.exe Lightscreen-->"G:\Lightscreen\uninstall.exe" LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox 4.0b7 (x86 pl)-->G:\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (3.1.6)-->G:\Mozilla Thunderbird\uninstall\helper.exe OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9} PhotoFiltre-->"G:\PhotoFiltre\Uninst.exe" Real Alternative 1.9.0-->"G:\Real Alternative\unins000.exe" Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended Skype™ 
5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamViewer 5-->G:\Version5\uninstall.exe Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0} Thunderbird-Tray-->G:\Thunderbird-Tray\TBTray-Uninstall.exe Tibia-->"D:\Tibia\unins000.exe" TmNationsForever-->"D:\TmNationsForever\unins000.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Total Video Converter 3.71 100812-->"G:\Total Video Converter\unins000.exe" TreeSize Free V2.5-->"G:\TreeSize Free\unins000.exe" Update Manager B09.0908.1-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E25C468-7745-4051-8B37-4A2C6635BA8B} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} VLC media player 1.1.5-->G:\VLC\uninstall.exe WapSter AQQ-->G:\WapSter AQQ\uninstall.exe World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe ======System event log====== Computer Name: WIN-C2PU8RCKJ76 Event Code: 62464 Message: UVD Information Record Number: 36314 Source Name: amdkmdag Time Written: 20101106210421.765625-000 Event Type: Informacje User: Computer Name: WIN-C2PU8RCKJ76 Event Code: 62464 Message: UVD Information Record Number: 36313 Source Name: amdkmdag Time Written: 20101106210421.765625-000 Event Type: Informacje User: Computer Name: WIN-C2PU8RCKJ76 Event Code: 62464 Message: UVD Information Record Number: 36312 Source Name: amdkmdag Time Written: 20101106210421.765625-000 Event Type: Informacje User: Computer Name: WIN-C2PU8RCKJ76 Event Code: 62464 Message: UVD Information Record Number: 36311 Source Name: amdkmdag Time Written: 20101106210420.709960-000 Event Type: Informacje User: Computer Name: WIN-C2PU8RCKJ76 Event Code: 62464 Message: UVD Information Record Number: 36310 Source Name: amdkmdag Time Written: 
20101106210420.709960-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247D25-07 Event Code: 1001 Message: Pakiet błędów , typ 0 Nazwa zdarzenia: PnPGenericDriverFound Odpowiedź: Not available Identyfikator pliku Cab: 0 Sygnatura problemu: P1: x64 P2: PCI\VEN_1002&DEV_68B8&SUBSYS_22881787&REV_00 P3: P4: P5: P6: P7: P8: P9: P10: Dołączone pliki: Te pliki mogą być dostępne tutaj: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_27897cf1e8aad921db2d4163a0db0ba5d73d51_cab_065dab3f Symbol analizy: Ponowne sprawdzanie rozwiązania: 0 Identyfikator raportu: 9dbd15c4-e8d3-11df-9bab-f35c9017f0f8 Stan raportu: 6 Record Number: 5 Source Name: Windows Error Reporting Time Written: 20101105115543.000000-000 Event Type: Informacje User: Computer Name: 37L4247D25-07 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20101105115448.000000-000 Event Type: Informacje User: Computer Name: 37L4247D25-07 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 3 Source Name: Microsoft-Windows-WMI Time Written: 20101105115445.000000-000 Event Type: Informacje User: Computer Name: 37L4247D25-07 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101105115440.656250-000 Event Type: Informacje User: NT AUTHORITY\SYSTEM Computer Name: 37L4247D25-07 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. 
Record Number: 1 Source Name: Microsoft-Windows-EventSystem Time Written: 20101105115441.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: 37L4247D25-07 Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: NT AUTHORITY Identyfikator logowania: 0x3e7 Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101105115427.859375-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D25-07 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247D25-07$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 5 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: NT AUTHORITY Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x1e4 Nazwa procesu: C:\Windows\System32\services.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. 
Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101105115427.859375-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D25-07 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x29460 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101105115427.531250-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D25-07 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: NT AUTHORITY Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101105115426.296875-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247D25-07 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101105115426.250000-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;\Common "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=3 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0502 "VBOX_INSTALL_PATH"=G:\VirtualBox\ -----------------EOF-----------------[/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Administrator at 2010-12-03 18:15:44 Microsoft Windows Server 2008 R2 Enterprise System drive C: has 2 GB (11%) free of 20 GB Total RAM: 4094 MB (72% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:15:54, on 2010-12-03 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.7930.16406) Boot mode: Normal Running processes: G:\Lightscreen\lightscreen.exe G:\Mozilla Firefox\firefox.exe G:\Mozilla Firefox\plugin-container.exe C:\Users\Administrator\Desktop\Pobrane - Firefox\OTL.exe C:\Users\Administrator\Desktop\Pobrane - Firefox\RSIT.exe C:\Program Files (x86)\trend micro\Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
res://iesetup.dll/HardAdmin.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Java\bin\jp2ssv.dll O4 - HKCU\..\Run: [Lightscreen] G:\Lightscreen\lightscreen.exe -h O4 - Startup: Mozilla Thunderbird.lnk = G:\Mozilla Thunderbird\thunderbird.exe O4 - Global Startup: TB-Tray.lnk = G:\Thunderbird-Tray\TBTray.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: http://s1.gg.adocean.pl O15 - ESC Trusted Zone: http://mirror.mcs.anl.gov O15 - ESC Trusted Zone: http://*.bankier.pl O15 - ESC Trusted Zone: http://gg.hit.gemius.pl O15 - ESC Trusted Zone: http://ggao.hit.gemius.pl O15 - ESC Trusted Zone: http://www.google-analytics.com O15 - ESC 
Trusted Zone: http://mirror.karneval.cz O15 - ESC Trusted Zone: http://mozilla.cdn.leaseweb.com O15 - ESC Trusted Zone: http://runonce.msn.com O15 - ESC Trusted Zone: http://ftp.halifax.rwth-aachen.de O15 - ESC Trusted Zone: http://mozilla.c3sl.ufpr.br O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM) O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcaBit Main Service (ABMainSV) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ArcaBit.Core.Configurator - Unknown owner - C:\Program Files\ArcaBit\Common\arcabit.core.configurator2.exe (file missing) O23 - Service: ArcaBit.Core.LoggingService - Unknown owner - C:\Program Files\ArcaBit\Common\arcabit.core.loggingservice.exe (file missing) O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing) O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing) O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\Program Files\ArcaBit\Common\ArcaTasksService.exe (file missing) O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\Program Files\ArcaBit\ArcaUpdate\update.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ES lite Service for program management. 
(ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - G:\Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - G:\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - 
Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 7312 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - G:\Java\bin\jp2ssv.dll [2010-11-07 41760] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Lightscreen"=G:\Lightscreen\lightscreen.exe [2010-03-17 563200] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup TB-Tray.lnk - G:\Thunderbird-Tray\TBTray.exe C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Mozilla Thunderbird.lnk - G:\Mozilla Thunderbird\thunderbird.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli rassfm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "disablecad"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=0 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "ShowSuperHidden"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-12-03 18:15:45 ----D---- C:\Program Files (x86)\trend micro 2010-12-03 18:15:44 ----D---- C:\rsit 2010-12-02 17:33:34 ----ASH---- C:\pagefile.sys 2010-12-02 17:03:02 ----D---- C:\Program Files (x86)\RegCleaner 2010-12-02 16:09:08 ----A---- C:\Windows\explorer.exe.Back 2010-12-02 15:53:09 ----D---- C:\ProgramData\ArcaBit 2010-12-02 14:40:29 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2010-11-30 20:19:27 ----D---- C:\ProgramData\TrackMania 2010-11-29 16:21:29 ----D---- C:\Users\Administrator\AppData\Roaming\vlc 2010-11-25 09:06:38 ----D---- C:\ProgramData\HP 2010-11-25 08:39:33 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-11-24 18:29:07 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-11-24 18:29:06 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-11-24 18:29:05 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-11-19 16:21:55 ----D---- C:\Users\Administrator\AppData\Roaming\JAM Software 2010-11-18 17:28:19 ----D---- C:\Users\Administrator\AppData\Roaming\GetRightToGo 2010-11-18 15:30:19 ----D---- C:\ProgramData\Windows Genuine Advantage 2010-11-14 11:20:54 ----D---- C:\Users\Administrator\AppData\Roaming\Media Player Classic 2010-11-14 10:12:23 ----D---- C:\Users\Administrator\AppData\Roaming\DivX 2010-11-14 10:11:32 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2010-11-14 10:11:12 ----D---- C:\Program Files (x86)\DivX 2010-11-14 10:10:27 ----D---- C:\ProgramData\DivX 2010-11-14 09:45:38 ----D---- C:\Users\Administrator\AppData\Roaming\WinRAR 2010-11-13 22:39:09 
----D---- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin 2010-11-12 14:23:52 ----D---- C:\Users\Administrator\AppData\Roaming\TeamViewer 2010-11-12 14:23:48 ----D---- C:\Program Files (x86)\TeamViewer 2010-11-11 22:08:48 ----D---- C:\ProgramData\Blizzard Entertainment 2010-11-10 22:37:18 ----SHD---- C:\Windows\ftpcache 2010-11-10 19:35:22 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2010-11-10 19:35:06 ----D---- C:\ProgramData\Blizzard 2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll 2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll 2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll 2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll 2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll 2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll 2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll 2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll 2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll 2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll 2010-11-09 20:53:28 
----A---- C:\Windows\SysWOW64\xactengine3_4.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll 2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll 2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll 2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll 2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll 2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll 2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll 2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll 2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll 2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll 2010-11-09 20:53:23 ----A---- 
C:\Windows\SysWOW64\xactengine2_9.dll 2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll 2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll 2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll 2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll 2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-11-09 20:53:17 ----A---- 
C:\Windows\SysWOW64\x3daudio1_0.dll 2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-11-08 16:32:10 ----D---- C:\Users\Administrator\AppData\Roaming\EurekaLog 2010-11-07 19:26:47 ----D---- C:\ProgramData\Test Drive Unlimited 2010-11-07 19:19:40 ----D---- C:\Program Files (x86)\Common Files\SWF Studio 2010-11-07 18:35:42 ----D---- C:\ProgramData\Hewlett-Packard 2010-11-07 15:02:48 ----D---- C:\Users\Administrator\AppData\Roaming\OpenOffice.org 2010-11-07 14:51:33 ----D---- C:\ProgramData\Sun 2010-11-07 14:51:33 ----D---- C:\Program Files (x86)\Common Files\Java 2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\javaws.exe 2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\javaw.exe 2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\java.exe 2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\deployJava1.dll 2010-11-07 14:50:33 ----D---- C:\Users\Administrator\AppData\Roaming\Tibia 2010-11-07 13:48:16 ----D---- C:\Program Files (x86)\DOSBox-0.74 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\mshta.exe 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\jscript9.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\jscript.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\inseng.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\imgutil.dll 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\iexpress.exe 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\iesysprep.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-11-06 11:20:19 
----A---- C:\Windows\SysWOW64\wextract.exe 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\webcheck.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\vbscript.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\url.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\occache.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msrating.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msls31.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\mshtmler.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\licmgr10.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iesetup.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iernonce.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieapfltr.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieakui.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieaksie.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieakeng.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\IEAdvpack.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ie4uinit.exe 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\icardie.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\dxtrans.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\dxtmsft.dll 2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\admparse.dll 2010-11-06 11:20:18 ----A---- C:\Windows\SysWOW64\pngfilt.dll 2010-11-06 11:20:09 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL 
2010-11-06 11:20:09 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll 2010-11-06 11:20:08 ----A---- C:\Windows\SysWOW64\mf.dll 2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\DWrite.dll 2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d3d10warp.dll 2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll 2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d2d1.dll 2010-11-06 11:19:58 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll 2010-11-06 11:19:58 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll 2010-11-06 11:19:50 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll 2010-11-06 11:19:40 ----D---- C:\Program Files (x86)\Feedback Tool 2010-11-05 23:16:49 ----D---- C:\Windows\pss 2010-11-05 23:09:20 ----A---- C:\Windows\lsb_un20.exe 2010-11-05 21:53:35 ----D---- C:\Windows\Panther 2010-11-05 21:53:23 ----RASH---- C:\BOOTSECT.BAK 2010-11-05 21:53:22 ----SHD---- C:\Boot 2010-11-05 19:19:56 ----D---- C:\Users\Administrator\AppData\Roaming\gtk-2.0 2010-11-05 19:09:45 ----D---- C:\Program Files (x86)\GIMP-2.0 2010-11-05 18:07:25 ----D---- C:\ProgramData\Firefly Studios 2010-11-05 18:06:48 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll 2010-11-05 17:35:41 ----D---- C:\Users\Administrator\AppData\Roaming\skypePM 2010-11-05 17:34:39 ----RD---- C:\Program Files (x86)\Skype 2010-11-05 17:34:39 ----D---- C:\Users\Administrator\AppData\Roaming\Skype 2010-11-05 17:34:39 ----D---- C:\Program Files (x86)\Common Files\Skype 2010-11-05 17:34:37 ----D---- C:\ProgramData\Skype 2010-11-05 16:51:41 ----D---- C:\Program Files (x86)\Common Files\Steam 2010-11-05 16:10:16 ----D---- C:\Users\Administrator\AppData\Roaming\TS3Client 2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\rmoc3260.dll 2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pndx5032.dll 2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pndx5016.dll 2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pncrt.dll 2010-11-05 16:08:39 ----D---- C:\Users\Administrator\AppData\Roaming\Real 2010-11-05 16:08:39 ----D---- 
C:\ProgramData\Real 2010-11-05 16:08:39 ----A---- C:\Windows\SysWOW64\msvcr71.dll 2010-11-05 16:08:39 ----A---- C:\Windows\SysWOW64\msvcp71.dll 2010-11-05 16:04:01 ----D---- C:\Users\Administrator\AppData\Roaming\Leadertech 2010-11-05 16:03:59 ----D---- C:\Program Files (x86)\Common Files\LogiShrd 2010-11-05 16:03:14 ----D---- C:\ProgramData\Logishrd 2010-11-05 16:02:15 ----D---- C:\Users\Administrator\AppData\Roaming\Logitech 2010-11-05 16:02:15 ----D---- C:\Users\Administrator\AppData\Roaming\Logishrd 2010-11-05 16:01:55 ----A---- C:\Windows\UC.PIF 2010-11-05 16:01:55 ----A---- C:\Windows\RAR.PIF 2010-11-05 16:01:54 ----D---- C:\Users\Administrator\AppData\Roaming\GHISLER 2010-11-05 16:01:54 ----D---- C:\totalcmd 2010-11-05 16:01:54 ----A---- C:\Windows\PKZIP.PIF 2010-11-05 16:01:54 ----A---- C:\Windows\PKUNZIP.PIF 2010-11-05 16:01:54 ----A---- C:\Windows\NOCLOSE.PIF 2010-11-05 16:01:54 ----A---- C:\Windows\LHA.PIF 2010-11-05 16:01:54 ----A---- C:\Windows\ARJ.PIF 2010-11-05 15:53:46 ----D---- C:\Users\Administrator\AppData\Roaming\Thunderbird 2010-11-05 15:43:30 ----HD---- C:\ProgramData\Common Files 2010-11-05 15:42:32 ----D---- C:\ProgramData\MFAData 2010-11-05 15:38:45 ----D---- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu 2010-11-05 15:31:26 ----D---- C:\ProgramData\Avery 2010-11-05 15:30:19 ----D---- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite 2010-11-05 15:30:18 ----D---- C:\ProgramData\DAEMON Tools Lite 2010-11-05 15:29:51 ----D---- C:\ProgramData\Adobe 2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\XPSViewer 2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\BestPractices 2010-11-05 15:05:04 ----D---- C:\Program Files (x86)\Reference Assemblies 2010-11-05 15:05:04 ----D---- C:\Program Files (x86)\MSBuild 2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont 2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalSerif.CompositeFont 2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalSansSerif.CompositeFont 
2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalMonospace.CompositeFont 2010-11-05 15:05:03 ----D---- C:\inetpub 2010-11-05 14:53:07 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2010-11-05 14:50:48 ----D---- C:\Program Files (x86)\Microsoft.NET 2010-11-05 14:38:43 ----D---- C:\Program Files (x86)\ATI Technologies 2010-11-05 14:30:40 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia 2010-11-05 14:30:40 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe 2010-11-05 14:30:37 ----D---- C:\Windows\SysWOW64\Macromed 2010-11-05 14:24:04 ----A---- C:\Windows\gdrv.sys 2010-11-05 14:22:56 ----SHD---- C:\Windows\Installer 2010-11-05 14:22:20 ----A---- C:\Windows\IsUninst.exe 2010-11-05 13:50:04 ----D---- C:\Windows\SysWOW64\RTCOM 2010-11-05 13:49:44 ----D---- C:\Program Files (x86)\Realtek 2010-11-05 13:49:43 ----HD---- C:\Program Files (x86)\Temp 2010-11-05 13:49:42 ----R---- C:\Windows\RtlExUpd.dll 2010-11-05 13:49:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-11-05 13:49:29 ----D---- C:\Program Files (x86)\Gigabyte 2010-11-05 13:49:28 ----D---- C:\Program Files (x86)\Common Files\InstallShield 2010-11-05 13:48:06 ----A---- C:\Windows\GSetup.ini 2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-11-05 13:30:34 ----A---- C:\Windows\SysWOW64\msv1_0.dll 2010-11-05 13:30:22 ----A---- C:\Windows\SysWOW64\comctl32.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\tsbyuv.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msyuv.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msvidc32.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msrle32.dll 2010-11-05 13:30:21 
----A---- C:\Windows\SysWOW64\mfc40u.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\mfc40.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\mciavi32.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\iyuv_32.dll 2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\avifil32.dll 2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\fontsub.dll 2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-11-05 13:30:18 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe 2010-11-05 13:30:18 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe 2010-11-05 13:30:18 ----A---- C:\Windows\explorer_.exe.Back.3.3783181982014 2010-11-05 13:30:18 ----A---- C:\Windows\explorer.exe 2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\sscore.dll 2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\msasn1.dll 2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\explorer.exe 2010-11-05 13:30:16 ----A---- C:\Windows\SysWOW64\ole32.dll 2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\sspicli.dll 2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\secur32.dll 2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\cabview.dll 2010-11-05 13:30:12 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll 2010-11-05 13:30:12 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-11-05 13:30:10 ----A---- C:\Windows\SysWOW64\CertEnroll.dll 2010-11-05 13:30:07 ----A---- C:\Windows\SysWOW64\tzres.dll 2010-11-05 13:30:05 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-11-05 13:30:01 ----A---- C:\Windows\SysWOW64\wmp.dll 2010-11-05 13:30:00 ----A---- C:\Windows\SysWOW64\wmploc.DLL 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_isv.dll 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc.dll 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe 2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate.exe 2010-11-05 13:28:53 ----A---- C:\Windows\SysWOW64\inetcomm.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\wow32.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\user.exe 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\t2embed.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\setup16.exe 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\ntdll.dll 2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\instnm.exe 2010-11-05 13:28:51 ----A---- C:\Windows\SysWOW64\wintrust.dll 2010-11-05 13:28:51 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-11-05 13:28:50 ----A---- C:\Windows\SysWOW64\oleaut32.dll 2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\drivers\pl-PL 2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\pl 2010-11-05 13:22:16 ----D---- C:\Windows\pl-PL 2010-11-05 13:14:23 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla 2010-11-05 13:01:44 ----D---- C:\Windows\twain_32 2010-11-05 13:01:44 ----D---- C:\Windows\SysWOW64\LogFiles 2010-11-05 13:01:44 ----D---- C:\Windows\CSC 2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Portable Devices 2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Photo Viewer 2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Media Player 2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Defender 2010-11-05 12:58:44 ----D---- C:\Windows\SoftwareDistribution 2010-11-05 12:58:14 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft 2010-11-05 12:57:38 ----SHD---- C:\Recovery 2010-11-05 12:54:14 ----SHD---- C:\System Volume Information ======List of files/folders modified in the last 1 months====== 2010-12-03 18:15:45 ----RD---- C:\Program Files (x86) 
2010-12-03 18:13:04 ----D---- C:\Windows\Temp 2010-12-03 17:49:21 ----D---- C:\Windows\System32 2010-12-03 17:49:21 ----D---- C:\Windows\inf 2010-12-03 17:49:01 ----RD---- C:\Program Files 2010-12-03 17:40:15 ----D---- C:\Windows\SysWOW64\drivers 2010-12-03 17:40:15 ----D---- C:\Windows\SysWOW64 2010-12-03 17:40:15 ----D---- C:\Windows 2010-12-03 17:40:12 ----HD---- C:\ProgramData 2010-12-03 16:46:42 ----RD---- C:\Users 2010-12-03 16:43:08 ----SHD---- C:\$Recycle.Bin 2010-12-02 17:32:20 ----D---- C:\Windows\debug 2010-12-02 14:40:29 ----D---- C:\Program Files (x86)\Common Files 2010-11-30 20:19:18 ----RSD---- C:\Windows\assembly 2010-11-28 17:54:17 ----D---- C:\Windows\winsxs 2010-11-20 17:05:37 ----RSD---- C:\Windows\Fonts 2010-11-19 19:00:00 ----D---- C:\Windows\Tasks 2010-11-09 20:53:18 ----D---- C:\Windows\Microsoft.NET 2010-11-09 20:53:05 ----D---- C:\Windows\Logs 2010-11-08 17:05:58 ----SD---- C:\ProgramData\Microsoft 2010-11-06 12:05:23 ----D---- C:\Windows\SysWOW64\pl-PL 2010-11-06 12:05:23 ----D---- C:\Program Files (x86)\Internet Explorer 2010-11-06 12:05:22 ----D---- C:\Windows\SysWOW64\migration 2010-11-06 12:05:22 ----D---- C:\Windows\SysWOW64\en-US 2010-11-06 12:05:21 ----D---- C:\Windows\PolicyDefinitions 2010-11-05 15:42:47 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-11-05 15:25:59 ----D---- C:\Windows\Cursors 2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\wbem 2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\inetsrv 2010-11-05 13:45:35 ----D---- C:\Windows\AppPatch 2010-11-05 13:45:35 ----D---- C:\Program Files (x86)\Windows Mail 2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\winrm 2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\slmgr 2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\MUI 2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\DriverStore 2010-11-05 13:22:18 ----D---- C:\Windows\servicing 2010-11-05 13:22:18 ----D---- C:\Program Files (x86)\Common Files\System 2010-11-05 13:22:16 ----D---- 
C:\Windows\SysWOW64\Printing_Admin_Scripts 2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\Dism 2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\com 2010-11-05 13:05:02 ----A---- C:\Windows\win.ini 2010-11-05 13:01:45 ----D---- C:\Windows\system 2010-11-05 13:01:45 ----D---- C:\Windows\en-US ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ACPI;Microsoft ACPI Driver; C:\Windows\system32\DRIVERS\ACPI.sys [] R0 amdxata;amdxata; C:\Windows\system32\DRIVERS\amdxata.sys [] R0 atapi;IDE Channel; C:\Windows\system32\DRIVERS\atapi.sys [] R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys [] R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys [] R0 Disk;Disk Driver; C:\Windows\system32\DRIVERS\disk.sys [] R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys [] R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys [] R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [] R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [] R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys [] R0 msisadrv;msisadrv; C:\Windows\system32\DRIVERS\msisadrv.sys [] R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys [] R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys [] R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys [] R0 pci;PCI Bus Driver; C:\Windows\system32\DRIVERS\pci.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys [] R0 spldr;Security Processor Loader Driver; C:\Windows\SysWOW64\drivers\spldr.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; 
C:\Windows\system32\DRIVERS\vmstorfl.sys [] R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys [] R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver; C:\Windows\system32\DRIVERS\vdrvroot.sys [] R0 volmgr;Volume Manager Driver; C:\Windows\system32\DRIVERS\volmgr.sys [] R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys [] R0 volsnap;Storage volumes; C:\Windows\system32\DRIVERS\volsnap.sys [] R0 Wdf01000;Kernel Mode Driver Frameworks service; C:\Windows\system32\drivers\Wdf01000.sys [] R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys [] R1 Beep;Beep; C:\Windows\SysWOW64\drivers\Beep.sys [] R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [] R1 cdrom;CD-ROM Driver; C:\Windows\system32\DRIVERS\cdrom.sys [] R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [] R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [] R1 Msfs;Msfs; C:\Windows\SysWOW64\drivers\Msfs.sys [] R1 mssmbios;Microsoft System Management BIOS Driver; C:\Windows\system32\DRIVERS\mssmbios.sys [] R1 NetBIOS;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys [] R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys [] R1 Npfs;Npfs; C:\Windows\SysWOW64\drivers\Npfs.sys [] R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [] R1 Null;Null; C:\Windows\SysWOW64\drivers\Null.sys [] R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys [] R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys [] R1 RDPCDD;@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100; C:\Windows\System32\DRIVERS\RDPCDD.sys [] R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [] R1 
-----------------EOF-----------------[/log] [color="#FF0000"] //Logs go inside tags! //This time I am changing it //Tom01[/color]
Tomek01, commented 3 December 2010
There is not much to remove here, but that is certainly not the cause of your problems. Have a read of http://forums.avg.com/pl-pl/avg-free-forum?sec=thread&act=show&id=431 In the meantime, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
maniak93 (author), commented 3 December 2010
I followed the advice in the link you gave (going into the registry and unchecking the 'Deny' ('Odmów') option everywhere; I didn't even have to uncheck anything, because it was already unchecked) and it changed nothing. Dr. Web found nothing. Malwarebytes, the same. [log]Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Wersja bazy: 5240 Windows 6.1.7600 Internet Explorer 9.0.7930.16406 2010-12-03 22:05:07 mbam-log-2010-12-03 (22-04-58).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|) Przeskanowano obiektów: 307829 Upłynęło: 25 minut(y), 44 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 0 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: (Nie znaleziono zagrożeń) [/log] For now I have installed Comodo Antivirus, but it is not the same as AVG, which I was used to. The simplest thing would probably be to format, but that option is out for now.
Tomek01, commented 3 December 2010
A format would not necessarily solve the problem. You are set on AVG; among paid products I recommend Kaspersky, and among free ones Avira.
maniak93 (author), commented 4 December 2010
I have been using AVG for about 1.5 years, so it is a habit; on this system, 2 months. OK, in that case I will try installing Avira. Thanks for taking part in the thread and for being willing to help.