[Installation problem] AVG 2011

maniak93

Hello,
I have a problem installing the AVG Free Edition 2011 antivirus.

System I am using: Windows Server 2008 R2
Message that appears during installation:
-Poziom zagrożenia: Błąd
-Kod błędu: 0xC0070643
-Informacje na temat błędu: Ogólny błąd wewnętrzny.
-Dodatkowy komunikat: Wystąpił wewnętrzny błąd aplikacji MSI Engine.
-Kontekst: Gromadzenie informacji o opcjach niestandardowych.

The situation is as follows: until today I had been using AVG Free Edition 2011 for quite a while, but for the past few days a 'general error' message kept appearing during updates. Today I decided to reinstall AVG Free Edition 2011, so I downloaded the 64-bit version of the program from the AVG website (my system is 64-bit). During installation, after the window where you choose either 'Quick installation' or 'Custom installation', the message given above appears (I am attaching a screenshot of this message).

After a cursory search of the internet, I found information on the Slovenian AVG forum: http://forums.avg.com/sk-sk/avg-free-forum?sec=thread&act=show&id=118297
However, the information presented there turned out not to be helpful. I also used the AVG Remover x64 tool, but to no avail.
I think I have provided all the information that could help solve my problem.

I do not use the system commercially; the school I attend runs/participates in the DreamSpark project, which among other things makes it possible to use Windows Server 2008 R2 legally and free of charge. Of course the thought crossed my mind that the antivirus might not be installing because it detects a system that is generally used for commercial purposes, but as I wrote above, I had been using the same antivirus for about 2 months and everything was OK; perhaps AVG has introduced a patch..
So, please help.

PS. I tried installing trial versions of AVG Anti-Virus 2011, but the same problem occurs.
Logs from OTL (I don't know whether they will help here, but the rules require it):
[log]OTL logfile created on: 2010-12-03 18:14:24 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop\Pobrane - Firefox
64bit- Server Enterprise Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 20,00 Gb Total Space | 2,22 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 19,69 Gb Free Space | 19,69% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 31,38 Gb Free Space | 62,77% Space Free | Partition Type: NTFS
Drive F: | 120,00 Gb Total Space | 8,61 Gb Free Space | 7,17% Space Free | Partition Type: NTFS
Drive G: | 80,00 Gb Total Space | 53,24 Gb Free Space | 66,55% Space Free | Partition Type: NTFS

Computer Name: MAREK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-12-03 18:12:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\Pobrane - Firefox\OTL.exe
PRC - [2010-11-12 09:24:27 | 000,016,856 | ---- | M] (Mozilla Corporation) -- G:\Mozilla Firefox\plugin-container.exe
PRC - [2010-11-12 09:24:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- G:\Mozilla Firefox\firefox.exe
PRC - [2010-10-19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- G:\Version5\TeamViewer_Service.exe
PRC - [2010-03-17 02:46:08 | 000,563,200 | ---- | M] () -- G:\Lightscreen\lightscreen.exe
PRC - [2009-08-24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-12-03 18:12:52 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\Pobrane - Firefox\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2010-03-24 07:37:04 | 001,289,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2009-12-11 08:39:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2009-12-11 08:36:33 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll
MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaTasksService.exe -- (AVTasks2)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe -- (AVBackup)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe -- (ArcaRemoteService)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\arcabit.core.loggingservice.exe -- (ArcaBit.Core.LoggingService)
SRV:[b]64bit:[/b] - File not found [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\arcabit.core.configurator2.exe -- (ArcaBit.Core.Configurator)
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe -- (ABMainSV)
SRV:[b]64bit:[/b] - [2010-10-27 03:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010-05-06 10:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-07-14 02:39:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:[b]64bit:[/b] - [2009-07-14 02:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2010-11-17 08:02:31 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-10-19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- G:\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-03-30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- G:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009-07-14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009-07-14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-07-14 02:14:39 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | System | Stopped] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
DRV:[b]64bit:[/b] - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
DRV:[b]64bit:[/b] - [2010-11-05 15:30:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-10-27 05:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-10-27 03:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-06-25 15:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2010-03-18 10:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:[b]64bit:[/b] - [2010-03-18 10:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2010-03-18 10:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2009-12-01 18:14:40 | 000,040,528 | ---- | M] (ArcaBit) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\abndis.sys -- (ABndisMP)
DRV:[b]64bit:[/b] - [2009-12-01 18:14:40 | 000,040,528 | ---- | M] (ArcaBit) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\abndis.sys -- (ABndis)
DRV:[b]64bit:[/b] - [2009-07-30 12:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-07-17 19:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:[b]64bit:[/b] - [2009-07-14 00:42:54 | 000,121,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2009-07-14 00:42:47 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2010-12-03 17:44:41 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 00:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-401211014-2870162720-485859336-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: G:\Mozilla Firefox\components [2010-11-12 09:24:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: G:\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: G:\Mozilla Thunderbird\components [2010-11-18 13:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: G:\Mozilla Thunderbird\plugins

[2010-11-05 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010-11-05 15:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-401211014-2870162720-485859336-500..\Run: [Lightscreen] G:\Lightscreen\lightscreen.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = G:\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O9:[b]64bit:[/b] - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.31.159.225
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] sacsvr - C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Rejestracja produktu.lnk - C:\Pliki programów (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - G:\OpenOffice\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - G:\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]AQQ[/b] - hkey= - key= - G:\WapSter AQQ\AQQ.exe (Creative Team S.A.)
MsConfig:64bit - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - G:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: [b]DivXUpdate[/b] - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: [b]HTC Home[/b] - hkey= - key= - G:\HTC Home 2.0 Build 166\HTCHome.exe File not found
MsConfig:64bit - StartUpReg: [b]HTC Home Widget[/b] - hkey= - key= - G:\HTC Home\HTCHome (x64).exe (Stealth Software)
MsConfig:64bit - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - G:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - D:\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NativeWifiP - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Wlansvc - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - G:\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NativeWifiP - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: Wlansvc - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-12-03 17:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010-12-02 17:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-12-02 17:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner
[2010-12-02 15:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcaBit
[2010-12-02 14:46:07 | 000,040,528 | ---- | C] (ArcaBit) -- C:\Windows\SysNative\drivers\abndis.sys
[2010-12-02 14:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\ArcaBit
[2010-12-02 14:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010-11-30 20:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010-11-30 20:19:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\TrackMania
[2010-11-29 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2010-11-28 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010-11-28 21:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010-11-28 18:07:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\BFBC2
[2010-11-25 09:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010-11-25 08:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010-11-19 18:17:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\restore
[2010-11-19 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2010-11-18 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010-11-18 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Downloads
[2010-11-18 15:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010-11-15 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\matma
[2010-11-15 15:19:46 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010-11-15 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2010-11-14 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic
[2010-11-14 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2010-11-14 10:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010-11-14 10:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010-11-14 10:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010-11-14 10:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010-11-14 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\gctmp
[2010-11-14 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Xenocode
[2010-11-14 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2010-11-13 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin
[2010-11-13 20:47:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\GTA San Andreas User Files
[2010-11-12 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010-11-12 14:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010-11-11 22:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010-11-11 14:31:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2010-11-10 22:43:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Activision
[2010-11-10 22:37:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010-11-10 19:52:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010-11-10 19:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010-11-10 19:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010-11-10 17:30:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2010-11-09 20:53:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ArmA 2 OA DEMO
[2010-11-08 21:55:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\marek_firefox
[2010-11-08 17:55:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2010-11-08 16:32:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2010-11-07 19:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited
[2010-11-07 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2010-11-07 18:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010-11-07 15:02:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010-11-07 14:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-11-07 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-11-07 14:50:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tibia
[2010-11-07 13:48:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\DOSBox
[2010-11-07 13:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2010-11-07 13:33:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
[2010-11-07 11:42:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2010-11-06 11:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010-11-06 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.VirtualBox
[2010-11-06 11:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010-11-06 10:41:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\WapSter
[2010-11-05 23:20:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010-11-05 23:16:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010-11-05 21:53:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010-11-05 21:53:22 | 000,000,000 | -HSD | C] -- C:\Boot
[2010-11-05 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010-11-05 19:19:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.thumbnails
[2010-11-05 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\gegl-0.0
[2010-11-05 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gimp-2.6
[2010-11-05 19:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010-11-05 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2010-11-05 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Stronghold 2
[2010-11-05 18:06:48 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010-11-05 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\skypePM
[2010-11-05 17:34:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010-11-05 17:34:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype
[2010-11-05 17:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-11-05 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-11-05 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010-11-05 16:10:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010-11-05 16:08:40 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real
[2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Real
[2010-11-05 16:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010-11-05 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2010-11-05 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010-11-05 16:03:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010-11-05 16:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010-11-05 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2010-11-05 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logishrd
[2010-11-05 16:01:54 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-11-05 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010-11-05 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010-11-05 15:53:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Thunderbird
[2010-11-05 15:43:38 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Administrator\Desktop\procexp.exe
[2010-11-05 15:43:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010-11-05 15:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-11-05 15:40:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop\screeny
[2010-11-05 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu
[2010-11-05 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Gadu-Gadu
[2010-11-05 15:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
[2010-11-05 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010-11-05 15:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010-11-05 15:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2010-11-05 15:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-11-05 15:05:03 | 000,000,000 | ---D | C] -- C:\inetpub
[2010-11-05 14:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010-11-05 14:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010-11-05 14:36:24 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop\Pobrane - Firefox
[2010-11-05 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2010-11-05 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2010-11-05 14:30:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010-11-05 14:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010-11-05 14:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010-11-05 14:22:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010-11-05 13:51:51 | 000,236,544 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010-11-05 13:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010-11-05 13:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-11-05 13:49:58 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2010-11-05 13:49:58 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2010-11-05 13:49:55 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010-11-05 13:49:55 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010-11-05 13:49:55 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010-11-05 13:49:54 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010-11-05 13:49:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010-11-05 13:49:50 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010-11-05 13:49:47 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010-11-05 13:49:45 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010-11-05 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010-11-05 13:49:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010-11-05 13:49:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-11-05 13:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigabyte
[2010-11-05 13:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010-11-05 13:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\pl-PL
[2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\pl-PL
[2010-11-05 13:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\pl
[2010-11-05 13:22:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pl
[2010-11-05 13:20:08 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\pl-PL\pscr.sys.mui
[2010-11-05 13:20:04 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrSerIb.sys.mui
[2010-11-05 13:20:03 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrSerId.sys.mui
[2010-11-05 13:20:03 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pl-PL\BrParwdm.sys.mui
[2010-11-05 13:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010-11-05 13:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Photo Viewer
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Photo Viewer
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\twain_32
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\LogFiles
[2010-11-05 13:01:44 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010-11-05 12:58:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010-11-05 12:58:25 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2010-11-05 12:58:25 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2010-11-05 12:58:25 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2010-11-05 12:58:15 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2010-11-05 12:58:14 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2010-11-05 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2010-11-05 12:58:14 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2010-11-05 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2010-11-05 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2010-11-05 12:57:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010-11-05 12:54:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-10-27 03:52:12 | 000,478,208 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010-10-27 03:51:36 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010-10-27 03:50:28 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010-10-27 03:49:52 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-12-03 18:15:52 | 002,621,440 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010-12-03 17:52:11 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-12-03 17:52:11 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-12-03 17:49:21 | 001,767,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-12-03 17:49:21 | 000,777,844 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-12-03 17:49:21 | 000,686,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-12-03 17:49:21 | 000,171,448 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-12-03 17:49:21 | 000,132,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-12-03 17:49:02 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010-12-03 17:44:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-12-03 17:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-12-03 17:43:41 | 005,265,818 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010-12-03 17:30:17 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010-12-03 17:30:17 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010-12-02 17:30:58 | 000,195,694 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20101202_173027.reg
[2010-12-02 17:30:10 | 200,512,338 | ---- | M] () -- C:\Users\Administrator\Desktop\0210.reg
[2010-12-02 17:27:57 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010-12-02 17:03:03 | 000,000,960 | ---- | M] () -- C:\Users\Administrator\Desktop\RegCleaner.lnk
[2010-11-30 21:44:33 | 000,022,115 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2010-11-30 21:39:00 | 000,000,558 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010-11-30 20:33:54 | 000,489,691 | ---- | M] () -- C:\Users\Administrator\Desktop\Matma.jpg
[2010-11-30 20:19:09 | 000,000,614 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010-11-30 14:46:29 | 005,046,552 | ---- | M] () -- C:\Users\Administrator\Desktop\matma.rar
[2010-11-28 19:11:13 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer
[2010-11-28 18:06:52 | 000,000,937 | ---- | M] () -- C:\Users\Administrator\Desktop\BFBC2.lnk
[2010-11-28 16:46:04 | 000,000,902 | ---- | M] () -- C:\Users\Administrator\Desktop\WoW - Molten.lnk
[2010-11-25 21:28:15 | 000,000,684 | ---- | M] () -- C:\Users\Administrator\Desktop\samp.lnk
[2010-11-23 12:56:50 | 000,001,229 | ---- | M] () -- C:\Users\Administrator\Desktop\czero_polish.lnk
[2010-11-21 20:00:11 | 000,091,797 | ---- | M] () -- C:\Users\Administrator\maniek.jpg
[2010-11-21 19:06:47 | 000,363,047 | ---- | M] () -- C:\Users\Administrator\Desktop\hist.jpg
[2010-11-21 19:06:45 | 000,450,667 | ---- | M] () -- C:\Users\Administrator\Desktop\hist2.jpg
[2010-11-21 19:06:43 | 000,337,167 | ---- | M] () -- C:\Users\Administrator\Desktop\hist3.jpg
[2010-11-21 17:47:00 | 001,332,981 | ---- | M] () -- C:\Users\Administrator\Desktop\Hista.rar
[2010-11-21 10:58:51 | 000,000,668 | ---- | M] () -- C:\Users\Administrator\Desktop\Jed's Half-Life Model Viewer.lnk
[2010-11-21 10:34:53 | 000,297,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-11-20 20:13:34 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010-11-20 17:17:06 | 000,066,872 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-11-20 17:05:38 | 000,000,546 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010-11-18 15:58:16 | 000,012,711 | ---- | M] () -- C:\Users\Administrator\Desktop\mareksyp.xcf
[2010-11-17 11:56:24 | 000,001,350 | ---- | M] () -- C:\Users\Administrator\Desktop\SaveGames - CRYSIS.lnk
[2010-11-17 11:46:58 | 000,000,611 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010-11-16 19:45:39 | 000,001,018 | ---- | M] () -- C:\Users\Administrator\Desktop\Crysis WARHEAD.lnk
[2010-11-15 15:14:35 | 000,001,142 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010-11-14 22:32:51 | 000,007,606 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010-11-14 10:38:48 | 000,000,530 | ---- | M] () -- C:\Users\Administrator\Desktop\Fraps.lnk
[2010-11-14 10:28:04 | 000,000,757 | ---- | M] () -- C:\Users\Administrator\Desktop\Movies - fraps.lnk
[2010-11-12 17:28:07 | 000,000,898 | ---- | M] () -- C:\Users\Administrator\Desktop\HTCHome.lnk
[2010-11-11 12:41:44 | 000,000,817 | ---- | M] () -- C:\Users\Administrator\Desktop\CoD 5.lnk
[2010-11-08 17:05:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-11-07 14:51:37 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010-11-07 14:35:48 | 000,000,515 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-11-07 13:48:17 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010-11-06 12:06:33 | 000,001,447 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-11-06 11:26:55 | 000,001,243 | ---- | M] () -- C:\Users\Administrator\Desktop\cstrike_polish.lnk
[2010-11-06 11:09:34 | 000,000,570 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010-11-06 11:09:34 | 000,000,570 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010-11-06 10:41:37 | 000,000,375 | ---- | M] () -- C:\Users\Administrator\Desktop\AQQ.lnk
[2010-11-06 10:41:36 | 000,000,375 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom AQQ.lnk
[2010-11-05 23:19:57 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2010-11-05 21:53:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-11-05 19:09:51 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010-11-05 18:06:48 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010-11-05 17:35:49 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-11-05 17:34:39 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-11-05 17:29:56 | 000,000,897 | ---- | M] () -- C:\Users\Administrator\Desktop\Stronghold2.lnk
[2010-11-05 17:29:45 | 000,000,538 | ---- | M] () -- C:\Users\Administrator\Desktop\NEEDS EMULATION.lnk
[2010-11-05 16:56:17 | 000,000,198 | ---- | M] () -- C:\Users\Administrator\Desktop\Condition Zero.url
[2010-11-05 16:55:38 | 000,000,198 | ---- | M] () -- C:\Users\Administrator\Desktop\Counter-Strike.url
[2010-11-05 16:55:07 | 000,000,541 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-11-05 16:10:31 | 001,741,884 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-11-05 16:09:18 | 000,000,592 | ---- | M] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2010-11-05 16:01:56 | 000,000,638 | ---- | M] () -- C:\Users\Administrator\Desktop\Total Commander.lnk
[2010-11-05 16:00:52 | 000,000,576 | ---- | M] () -- C:\Users\Administrator\Desktop\PhotoFiltre.lnk
[2010-11-05 15:56:41 | 000,000,694 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
[2010-11-05 15:50:18 | 000,000,584 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TB-Tray.lnk
[2010-11-05 15:50:18 | 000,000,584 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TB-Tray.lnk
[2010-11-05 15:49:45 | 000,000,694 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010-11-05 15:40:02 | 000,000,576 | ---- | M] () -- C:\Users\Administrator\Desktop\Lightscreen.lnk
[2010-11-05 15:31:26 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\DesignPro 5.lnk
[2010-11-05 15:30:46 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010-11-05 15:30:46 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010-11-05 15:15:09 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010-11-05 14:24:07 | 000,000,590 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010-11-05 14:21:50 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2010-11-05 13:22:07 | 000,337,158 | ---- | M] () -- C:\Windows\SysNative\perfi015.dat
[2010-11-05 13:22:07 | 000,038,710 | ---- | M] () -- C:\Windows\SysNative\perfd015.dat
[2010-11-05 13:14:24 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010-11-05 13:14:21 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-11-05 13:14:21 | 000,000,705 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 6.lnk
[2010-11-05 13:05:02 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini
[2010-11-05 12:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010-11-05 12:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010-11-05 12:58:15 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010-11-05 12:58:15 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
[2010-11-05 12:56:37 | 000,049,361 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010-11-05 12:56:37 | 000,049,361 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010-10-27 03:55:34 | 000,099,504 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010-10-27 03:52:12 | 000,478,208 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010-10-27 03:51:36 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010-10-27 03:50:28 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010-10-27 03:49:52 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010-10-27 03:14:58 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010-10-27 02:54:52 | 000,653,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010-10-27 02:49:46 | 000,653,056 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-12-03 17:49:02 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010-12-03 17:30:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010-12-03 17:30:08 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010-12-02 17:30:34 | 000,195,694 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20101202_173027.reg
[2010-12-02 17:29:46 | 200,512,338 | ---- | C] () -- C:\Users\Administrator\Desktop\0210.reg
[2010-12-02 17:27:57 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010-12-02 17:03:03 | 000,000,960 | ---- | C] () -- C:\Users\Administrator\Desktop\RegCleaner.lnk
[2010-11-30 21:44:33 | 000,022,115 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010-11-30 21:39:00 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010-11-30 20:32:08 | 000,489,691 | ---- | C] () -- C:\Users\Administrator\Desktop\Matma.jpg
[2010-11-30 20:19:09 | 000,000,614 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010-11-30 14:46:05 | 005,046,552 | ---- | C] () -- C:\Users\Administrator\Desktop\matma.rar
[2010-11-28 19:11:13 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
[2010-11-28 18:06:52 | 000,000,937 | ---- | C] () -- C:\Users\Administrator\Desktop\BFBC2.lnk
[2010-11-28 16:46:04 | 000,000,902 | ---- | C] () -- C:\Users\Administrator\Desktop\WoW - Molten.lnk
[2010-11-25 21:28:15 | 000,000,684 | ---- | C] () -- C:\Users\Administrator\Desktop\samp.lnk
[2010-11-25 09:06:42 | 000,000,691 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010-11-23 12:56:50 | 000,001,229 | ---- | C] () -- C:\Users\Administrator\Desktop\czero_polish.lnk
[2010-11-21 19:49:18 | 000,091,797 | ---- | C] () -- C:\Users\Administrator\maniek.jpg
[2010-11-21 17:47:14 | 000,450,667 | ---- | C] () -- C:\Users\Administrator\Desktop\hist2.jpg
[2010-11-21 17:47:14 | 000,363,047 | ---- | C] () -- C:\Users\Administrator\Desktop\hist.jpg
[2010-11-21 17:47:14 | 000,337,167 | ---- | C] () -- C:\Users\Administrator\Desktop\hist3.jpg
[2010-11-21 17:46:43 | 001,332,981 | ---- | C] () -- C:\Users\Administrator\Desktop\Hista.rar
[2010-11-21 10:58:51 | 000,000,668 | ---- | C] () -- C:\Users\Administrator\Desktop\Jed's Half-Life Model Viewer.lnk
[2010-11-20 17:05:38 | 000,000,546 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010-11-18 15:58:16 | 000,012,711 | ---- | C] () -- C:\Users\Administrator\Desktop\mareksyp.xcf
[2010-11-17 11:56:24 | 000,001,350 | ---- | C] () -- C:\Users\Administrator\Desktop\SaveGames - CRYSIS.lnk
[2010-11-16 19:45:39 | 000,001,018 | ---- | C] () -- C:\Users\Administrator\Desktop\Crysis WARHEAD.lnk
[2010-11-15 15:14:35 | 000,001,142 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010-11-14 10:28:04 | 000,000,757 | ---- | C] () -- C:\Users\Administrator\Desktop\Movies - fraps.lnk
[2010-11-14 10:23:45 | 000,000,530 | ---- | C] () -- C:\Users\Administrator\Desktop\Fraps.lnk
[2010-11-14 10:07:43 | 000,428,614 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI7677.txt
[2010-11-14 10:07:43 | 000,011,488 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI7677.txt
[2010-11-12 17:28:07 | 000,000,898 | ---- | C] () -- C:\Users\Administrator\Desktop\HTCHome.lnk
[2010-11-11 12:41:44 | 000,000,817 | ---- | C] () -- C:\Users\Administrator\Desktop\CoD 5.lnk
[2010-11-10 18:04:54 | 000,000,611 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010-11-08 17:05:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010-11-07 15:01:34 | 000,419,406 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI3471.txt
[2010-11-07 15:01:34 | 000,011,494 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI3471.txt
[2010-11-07 14:51:37 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010-11-07 14:35:48 | 000,000,515 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-11-07 13:48:17 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010-11-06 11:26:55 | 000,001,243 | ---- | C] () -- C:\Users\Administrator\Desktop\cstrike_polish.lnk
[2010-11-06 11:20:20 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010-11-06 11:20:20 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010-11-06 11:09:34 | 000,000,570 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2010-11-06 11:09:34 | 000,000,570 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2010-11-06 10:55:51 | 000,007,606 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010-11-06 10:41:37 | 000,000,375 | ---- | C] () -- C:\Users\Administrator\Desktop\AQQ.lnk
[2010-11-06 10:41:36 | 000,000,375 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Uruchom AQQ.lnk
[2010-11-05 23:19:57 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2010-11-05 23:09:20 | 000,112,640 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2010-11-05 21:53:23 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010-11-05 21:53:22 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010-11-05 19:09:51 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010-11-05 17:35:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-11-05 17:34:39 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-11-05 17:29:56 | 000,000,897 | ---- | C] () -- C:\Users\Administrator\Desktop\Stronghold2.lnk
[2010-11-05 17:29:45 | 000,000,538 | ---- | C] () -- C:\Users\Administrator\Desktop\NEEDS EMULATION.lnk
[2010-11-05 16:56:17 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\Desktop\Condition Zero.url
[2010-11-05 16:55:38 | 000,000,198 | ---- | C] () -- C:\Users\Administrator\Desktop\Counter-Strike.url
[2010-11-05 16:51:40 | 000,000,541 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-11-05 16:09:18 | 000,000,592 | ---- | C] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2010-11-05 16:02:46 | 000,392,752 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistMSI46FD.txt
[2010-11-05 16:02:44 | 000,014,122 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dd_vcredistUI46FD.txt
[2010-11-05 16:01:56 | 000,000,638 | ---- | C] () -- C:\Users\Administrator\Desktop\Total Commander.lnk
[2010-11-05 16:01:55 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-11-05 16:01:55 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-11-05 16:01:54 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-11-05 16:00:52 | 000,000,576 | ---- | C] () -- C:\Users\Administrator\Desktop\PhotoFiltre.lnk
[2010-11-05 15:50:18 | 000,000,584 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TB-Tray.lnk
[2010-11-05 15:50:18 | 000,000,584 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TB-Tray.lnk
[2010-11-05 15:49:45 | 000,000,694 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010-11-05 15:49:45 | 000,000,694 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
[2010-11-05 15:40:02 | 000,000,576 | ---- | C] () -- C:\Users\Administrator\Desktop\Lightscreen.lnk
[2010-11-05 15:31:26 | 000,001,571 | ---- | C] () -- C:\Users\Public\Desktop\DesignPro 5.lnk
[2010-11-05 15:30:46 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010-11-05 15:30:46 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010-11-05 15:15:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-11-05 15:05:04 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2010-11-05 15:05:04 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010-11-05 15:05:04 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2010-11-05 15:05:04 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2010-11-05 14:53:07 | 001,741,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-11-05 14:21:17 | 000,000,590 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-11-05 14:09:04 | 000,000,675 | ---- | C] () -- C:\Users\Administrator\volshext.log
[2010-11-05 13:52:01 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010-11-05 13:48:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010-11-05 13:22:39 | 000,777,844 | ---- | C] () -- C:\Windows\SysNative\perfh015.dat
[2010-11-05 13:22:39 | 000,337,158 | ---- | C] () -- C:\Windows\SysNative\perfi015.dat
[2010-11-05 13:22:39 | 000,171,448 | ---- | C] () -- C:\Windows\SysNative\perfc015.dat
[2010-11-05 13:22:39 | 000,038,710 | ---- | C] () -- C:\Windows\SysNative\perfd015.dat
[2010-11-05 13:14:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-11-05 13:14:21 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-11-05 13:14:21 | 000,000,705 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 6.lnk
[2010-11-05 13:10:41 | 000,001,447 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-11-05 13:01:32 | 005,265,818 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010-11-05 12:58:40 | 000,066,872 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-11-05 12:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010-11-05 12:58:15 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010-11-05 12:58:15 | 000,262,144 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2010-11-05 12:58:15 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010-11-05 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini
[2010-11-05 12:58:15 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2010-11-05 12:58:14 | 002,621,440 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT
[2010-11-05 12:58:14 | 000,001,304 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Server Manager.lnk
[2010-11-05 12:58:14 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010-11-05 12:58:14 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010-10-27 03:55:34 | 000,099,504 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010-10-27 02:54:52 | 000,653,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010-10-27 02:49:46 | 000,653,056 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2009-07-14 05:57:55 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009-07-14 05:57:55 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009-07-14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009-07-14 03:34:57 | 000,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009-07-14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-11-05 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010-11-08 16:32:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2010-11-05 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu
[2010-11-18 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010-11-05 22:02:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010-11-30 15:44:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010-11-19 16:21:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2010-11-05 16:04:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2010-11-07 15:02:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010-11-13 22:39:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin
[2010-11-12 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010-11-05 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010-11-07 14:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tibia
[2010-11-05 16:10:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010-11-07 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG10
[2009-07-14 06:06:36 | 000,026,158 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-11-05 21:53:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-11-05 13:52:24 | 000,000,010 | ---- | M] () -- C:\csb.log
[2010-11-05 13:52:13 | 000,000,190 | ---- | M] () -- C:\Install.log
[2010-12-03 17:44:25 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys
[2010-11-05 13:50:14 | 000,003,176 | ---- | M] () -- C:\RHDSetup.log
[2010-12-03 18:15:55 | 000,000,200 | ---- | M] () -- C:\service.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >[/log]


[log]OTL Extras logfile created on: 2010-12-03 18:14:24 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop\Pobrane - Firefox
64bit- Server Enterprise Edition (full installation) (Version = 6.1.7600) - Type = NTServer
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 20,00 Gb Total Space | 2,22 Gb Free Space | 11,12% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 19,69 Gb Free Space | 19,69% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 31,38 Gb Free Space | 62,77% Space Free | Partition Type: NTFS
Drive F: | 120,00 Gb Total Space | 8,61 Gb Free Space | 7,17% Space Free | Partition Type: NTFS
Drive G: | 80,00 Gb Total Space | 53,24 Gb Free Space | 66,55% Space Free | Partition Type: NTFS

Computer Name: MAREK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AB048BF4-6AD7-450B-9538-0DF2C9229840}" = Oracle VM VirtualBox 3.2.6
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SP6" = Logitech SetPoint 6.15
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{33DE82AC-A35F-4f41-AC10-7932D5F12528}" = Harry Potter and the Order of the Phoenix™ Demo
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AQQ" = WapSter AQQ
"DivX Setup.divx.com" = DivX Setup
"Fraps" = Fraps (remove only)
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5
"JDownloader" = JDownloader
"Jed's Half-Life Model Viewer" = Jed's Half-Life Model Viewer 1.3.6
"Lightscreen" = Lightscreen
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 4.0b7 (x86 pl)" = Mozilla Firefox 4.0b7 (x86 pl)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"PhotoFiltre" = PhotoFiltre
"RealAlt_is1" = Real Alternative 1.9.0
"Steam App 10" = Counter-Strike
"Steam App 80" = Counter-Strike: Condition Zero
"TeamViewer 5" = TeamViewer 5
"Thunderbird-Tray" = Thunderbird-Tray
"Tibia_is1" = Tibia
"TmNationsForever_is1" = TmNationsForever
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Totalcmd" = Total Commander (Remove or Repair)
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.7
"World of Warcraft" = World of Warcraft

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-401211014-2870162720-485859336-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-12-01 16:26:57 | Computer Name = marek | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "g:\wapster aqq\System\DelZip179.dll".
Błąd w pliku manifestu lub w pliku zasad "g:\wapster aqq\System\DelZip179.dll"
w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2010-12-02 09:09:09 | Computer Name = marek | Source = SideBySide | ID = 16842815
Description = Nie można wygenerować kontekstu aktywacji dla "g:\wapster aqq\System\DelZip179.dll".
Błąd w pliku manifestu lub w pliku zasad "g:\wapster aqq\System\DelZip179.dll"
w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa.

Error - 2010-12-02 09:46:14 | Computer Name = marek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe_iphlpsvc, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: ntdll.dll, wersja:
6.1.7600.16559, sygnatura czasowa: 0x4ba9b802 Kod wyjątku: 0xc0000374 Przesunięcie
błędu: 0x00000000000c6df2 Identyfikator procesu powodującego błąd: 0x398 Godzina
uruchomienia aplikacji powodującej błąd: 0x01cb921c62915f68 Ścieżka aplikacji powodującej
błąd: C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll
Identyfikator
raportu: 874bb443-fe1a-11df-b7f8-00241ddd9ec0

Error - 2010-12-02 11:31:47 | Computer Name = marek | Source = Application Hang | ID = 1002
Description = Program explorer.exe w wersji 6.1.7600.16450 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji. Identyfikator procesu: 634 Godzina rozpoczęcia: 01cb9234b2f840d5 Godzina
zakończenia: 13376 Ścieżka aplikacji: C:\Windows\explorer.exe Identyfikator raportu:
3d144fb6-fe29-11df-b8ca-00241ddd9ec0

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Main Service.

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Backup Service.

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Tasks Service.

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit.Core.Configurator.

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Control.

Error - 2010-12-02 11:33:32 | Computer Name = marek | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Nie można ponownie uruchomić aplikacji lub usługi ArcaBit Update Service.


< End of report >
[/log]
RSIT:
[code]info.txt logfile of random's system information tool 1.08 2010-12-03 18:15:56

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.4.1 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Call of Duty(R) - World at War(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0415
Counter-Strike: Condition Zero-->"D:\Steam\steam.exe" steam://uninstall/80
Counter-Strike-->"D:\Steam\steam.exe" steam://uninstall/10
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DesignPro 5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DF57E946-4885-4EEA-A958-D5F82CB21B99}
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EasySaver B9.0904.1 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Feedback Tool-->MsiExec.exe /I{90024193-9F13-4877-89D5-A1CDF0CBBF28}
Fraps (remove only)-->"G:\Fraps\uninstall.exe"
GIMP 2.6.7-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Harry Potter and the Order of the Phoenix™ Demo-->D:\Harry Potter i Zakon Feniksa\EAUninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
JDownloader-->G:\Jdownloader\uninstall.exe
Jed's Half-Life Model Viewer 1.3.6-->G:\Jed's Half-Life Model Viewer 1.3.6\uninst.exe
Lightscreen-->"G:\Lightscreen\uninstall.exe"
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox 4.0b7 (x86 pl)-->G:\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.6)-->G:\Mozilla Thunderbird\uninstall\helper.exe
OpenOffice.org 3.2-->MsiExec.exe /I{8727531E-6C58-4852-A90B-39CF45E269A9}
PhotoFiltre-->"G:\PhotoFiltre\Uninst.exe"
Real Alternative 1.9.0-->"G:\Real Alternative\unins000.exe"
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamViewer 5-->G:\Version5\uninstall.exe
Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
Thunderbird-Tray-->G:\Thunderbird-Tray\TBTray-Uninstall.exe
Tibia-->"D:\Tibia\unins000.exe"
TmNationsForever-->"D:\TmNationsForever\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.71 100812-->"G:\Total Video Converter\unins000.exe"
TreeSize Free V2.5-->"G:\TreeSize Free\unins000.exe"
Update Manager B09.0908.1-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E25C468-7745-4051-8B37-4A2C6635BA8B}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
VLC media player 1.1.5-->G:\VLC\uninstall.exe
WapSter AQQ-->G:\WapSter AQQ\uninstall.exe
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======System event log======

Computer Name: WIN-C2PU8RCKJ76
Event Code: 62464
Message: UVD Information
Record Number: 36314
Source Name: amdkmdag
Time Written: 20101106210421.765625-000
Event Type: Informacje
User:

Computer Name: WIN-C2PU8RCKJ76
Event Code: 62464
Message: UVD Information
Record Number: 36313
Source Name: amdkmdag
Time Written: 20101106210421.765625-000
Event Type: Informacje
User:

Computer Name: WIN-C2PU8RCKJ76
Event Code: 62464
Message: UVD Information
Record Number: 36312
Source Name: amdkmdag
Time Written: 20101106210421.765625-000
Event Type: Informacje
User:

Computer Name: WIN-C2PU8RCKJ76
Event Code: 62464
Message: UVD Information
Record Number: 36311
Source Name: amdkmdag
Time Written: 20101106210420.709960-000
Event Type: Informacje
User:

Computer Name: WIN-C2PU8RCKJ76
Event Code: 62464
Message: UVD Information
Record Number: 36310
Source Name: amdkmdag
Time Written: 20101106210420.709960-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: 37L4247D25-07
Event Code: 1001
Message: Pakiet błędów , typ 0
Nazwa zdarzenia: PnPGenericDriverFound
Odpowiedź: Not available
Identyfikator pliku Cab: 0

Sygnatura problemu:
P1: x64
P2: PCI\VEN_1002&DEV_68B8&SUBSYS_22881787&REV_00
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Dołączone pliki:

Te pliki mogą być dostępne tutaj:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_27897cf1e8aad921db2d4163a0db0ba5d73d51_cab_065dab3f

Symbol analizy:
Ponowne sprawdzanie rozwiązania: 0
Identyfikator raportu: 9dbd15c4-e8d3-11df-9bab-f35c9017f0f8
Stan raportu: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20101105115543.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D25-07
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20101105115448.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D25-07
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20101105115445.000000-000
Event Type: Informacje
User:

Computer Name: 37L4247D25-07
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101105115440.656250-000
Event Type: Informacje
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D25-07
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101105115441.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: 37L4247D25-07
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: NT AUTHORITY
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101105115427.859375-000
Event Type: Sukcesy inspekcji
User:

Computer Name: 37L4247D25-07
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: 37L4247D25-07$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: NT AUTHORITY
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x1e4
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101105115427.859375-000
Event Type: Sukcesy inspekcji
User:

Computer Name: 37L4247D25-07
Event Code: 4902
Message: Utworzono tabelę zasad inspekcji użytkownika.

Liczba elementów: 0
Identyfikator zasad: 0x29460
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101105115427.531250-000
Event Type: Sukcesy inspekcji
User:

Computer Name: 37L4247D25-07
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 0

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: NT AUTHORITY
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x4
Nazwa procesu:

Informacje o sieci:
Nazwa stacji roboczej: -
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: -
Pakiet uwierzytelniania: -
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101105115426.296875-000
Event Type: Sukcesy inspekcji
User:

Computer Name: 37L4247D25-07
Event Code: 4608
Message: Trwa uruchamianie systemu Windows.

To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101105115426.250000-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;\Common
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=3
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 5 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0502
"VBOX_INSTALL_PATH"=G:\VirtualBox\

-----------------EOF-----------------[/code]

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-12-03 18:15:44
Microsoft Windows Server 2008 R2 Enterprise
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 4094 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:15:54, on 2010-12-03
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
G:\Lightscreen\lightscreen.exe
G:\Mozilla Firefox\firefox.exe
G:\Mozilla Firefox\plugin-container.exe
C:\Users\Administrator\Desktop\Pobrane - Firefox\OTL.exe
C:\Users\Administrator\Desktop\Pobrane - Firefox\RSIT.exe
C:\Program Files (x86)\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Java\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Lightscreen] G:\Lightscreen\lightscreen.exe -h
O4 - Startup: Mozilla Thunderbird.lnk = G:\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: TB-Tray.lnk = G:\Thunderbird-Tray\TBTray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://s1.gg.adocean.pl
O15 - ESC Trusted Zone: http://mirror.mcs.anl.gov
O15 - ESC Trusted Zone: http://*.bankier.pl
O15 - ESC Trusted Zone: http://gg.hit.gemius.pl
O15 - ESC Trusted Zone: http://ggao.hit.gemius.pl
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://mirror.karneval.cz
O15 - ESC Trusted Zone: http://mozilla.cdn.leaseweb.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://ftp.halifax.rwth-aachen.de
O15 - ESC Trusted Zone: http://mozilla.c3sl.ufpr.br
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcaBit Main Service (ABMainSV) - Unknown owner - C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ArcaBit.Core.Configurator - Unknown owner - C:\Program Files\ArcaBit\Common\arcabit.core.configurator2.exe (file missing)
O23 - Service: ArcaBit.Core.LoggingService - Unknown owner - C:\Program Files\ArcaBit\Common\arcabit.core.loggingservice.exe (file missing)
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing)
O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing)
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\Program Files\ArcaBit\Common\ArcaTasksService.exe (file missing)
O23 - Service: ArcaBit Update Service (AVUpdate) - Unknown owner - C:\Program Files\ArcaBit\ArcaUpdate\update.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - G:\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - G:\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7312 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - G:\Java\bin\jp2ssv.dll [2010-11-07 41760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lightscreen"=G:\Lightscreen\lightscreen.exe [2010-03-17 563200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TB-Tray.lnk - G:\Thunderbird-Tray\TBTray.exe

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Mozilla Thunderbird.lnk - G:\Mozilla Thunderbird\thunderbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
rassfm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"ShowSuperHidden"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-03 18:15:45 ----D---- C:\Program Files (x86)\trend micro
2010-12-03 18:15:44 ----D---- C:\rsit
2010-12-02 17:33:34 ----ASH---- C:\pagefile.sys
2010-12-02 17:03:02 ----D---- C:\Program Files (x86)\RegCleaner
2010-12-02 16:09:08 ----A---- C:\Windows\explorer.exe.Back
2010-12-02 15:53:09 ----D---- C:\ProgramData\ArcaBit
2010-12-02 14:40:29 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-11-30 20:19:27 ----D---- C:\ProgramData\TrackMania
2010-11-29 16:21:29 ----D---- C:\Users\Administrator\AppData\Roaming\vlc
2010-11-25 09:06:38 ----D---- C:\ProgramData\HP
2010-11-25 08:39:33 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-11-24 18:29:07 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-11-24 18:29:06 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-11-24 18:29:05 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-11-19 16:21:55 ----D---- C:\Users\Administrator\AppData\Roaming\JAM Software
2010-11-18 17:28:19 ----D---- C:\Users\Administrator\AppData\Roaming\GetRightToGo
2010-11-18 15:30:19 ----D---- C:\ProgramData\Windows Genuine Advantage
2010-11-14 11:20:54 ----D---- C:\Users\Administrator\AppData\Roaming\Media Player Classic
2010-11-14 10:12:23 ----D---- C:\Users\Administrator\AppData\Roaming\DivX
2010-11-14 10:11:32 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-11-14 10:11:12 ----D---- C:\Program Files (x86)\DivX
2010-11-14 10:10:27 ----D---- C:\ProgramData\DivX
2010-11-14 09:45:38 ----D---- C:\Users\Administrator\AppData\Roaming\WinRAR
2010-11-13 22:39:09 ----D---- C:\Users\Administrator\AppData\Roaming\SA-MP Audio Plugin
2010-11-12 14:23:52 ----D---- C:\Users\Administrator\AppData\Roaming\TeamViewer
2010-11-12 14:23:48 ----D---- C:\Program Files (x86)\TeamViewer
2010-11-11 22:08:48 ----D---- C:\ProgramData\Blizzard Entertainment
2010-11-10 22:37:18 ----SHD---- C:\Windows\ftpcache
2010-11-10 19:35:22 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-11-10 19:35:06 ----D---- C:\ProgramData\Blizzard
2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll
2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll
2010-11-09 20:53:32 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2010-11-09 20:53:31 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll
2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll
2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll
2010-11-09 20:53:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2010-11-09 20:53:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-11-09 20:53:28 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2010-11-09 20:53:27 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-11-09 20:53:26 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-11-09 20:53:25 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-11-09 20:53:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-11-09 20:53:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-11-09 20:53:22 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-11-09 20:53:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-11-09 20:53:20 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-11-09 20:53:19 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-11-09 20:53:17 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-11-09 20:53:16 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-11-08 16:32:10 ----D---- C:\Users\Administrator\AppData\Roaming\EurekaLog
2010-11-07 19:26:47 ----D---- C:\ProgramData\Test Drive Unlimited
2010-11-07 19:19:40 ----D---- C:\Program Files (x86)\Common Files\SWF Studio
2010-11-07 18:35:42 ----D---- C:\ProgramData\Hewlett-Packard
2010-11-07 15:02:48 ----D---- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
2010-11-07 14:51:33 ----D---- C:\ProgramData\Sun
2010-11-07 14:51:33 ----D---- C:\Program Files (x86)\Common Files\Java
2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\java.exe
2010-11-07 14:51:07 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2010-11-07 14:50:33 ----D---- C:\Users\Administrator\AppData\Roaming\Tibia
2010-11-07 13:48:16 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\mshta.exe
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\jscript9.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\inseng.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\imgutil.dll
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\iexpress.exe
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-11-06 11:20:20 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\wextract.exe
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\webcheck.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\url.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\occache.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msrating.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msls31.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\mshtmler.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieakui.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ieakeng.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\IEAdvpack.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\icardie.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2010-11-06 11:20:19 ----A---- C:\Windows\SysWOW64\admparse.dll
2010-11-06 11:20:18 ----A---- C:\Windows\SysWOW64\pngfilt.dll
2010-11-06 11:20:09 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2010-11-06 11:20:09 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2010-11-06 11:20:08 ----A---- C:\Windows\SysWOW64\mf.dll
2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\DWrite.dll
2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d3d10_1core.dll
2010-11-06 11:20:04 ----A---- C:\Windows\SysWOW64\d2d1.dll
2010-11-06 11:19:58 ----A---- C:\Windows\SysWOW64\XpsRasterService.dll
2010-11-06 11:19:58 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2010-11-06 11:19:50 ----A---- C:\Windows\SysWOW64\ExplorerFrame.dll
2010-11-06 11:19:40 ----D---- C:\Program Files (x86)\Feedback Tool
2010-11-05 23:16:49 ----D---- C:\Windows\pss
2010-11-05 23:09:20 ----A---- C:\Windows\lsb_un20.exe
2010-11-05 21:53:35 ----D---- C:\Windows\Panther
2010-11-05 21:53:23 ----RASH---- C:\BOOTSECT.BAK
2010-11-05 21:53:22 ----SHD---- C:\Boot
2010-11-05 19:19:56 ----D---- C:\Users\Administrator\AppData\Roaming\gtk-2.0
2010-11-05 19:09:45 ----D---- C:\Program Files (x86)\GIMP-2.0
2010-11-05 18:07:25 ----D---- C:\ProgramData\Firefly Studios
2010-11-05 18:06:48 ----A---- C:\Windows\SysWOW64\CmdLineExt_x64.dll
2010-11-05 17:35:41 ----D---- C:\Users\Administrator\AppData\Roaming\skypePM
2010-11-05 17:34:39 ----RD---- C:\Program Files (x86)\Skype
2010-11-05 17:34:39 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2010-11-05 17:34:39 ----D---- C:\Program Files (x86)\Common Files\Skype
2010-11-05 17:34:37 ----D---- C:\ProgramData\Skype
2010-11-05 16:51:41 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-11-05 16:10:16 ----D---- C:\Users\Administrator\AppData\Roaming\TS3Client
2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\rmoc3260.dll
2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pndx5032.dll
2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pndx5016.dll
2010-11-05 16:08:40 ----A---- C:\Windows\SysWOW64\pncrt.dll
2010-11-05 16:08:39 ----D---- C:\Users\Administrator\AppData\Roaming\Real
2010-11-05 16:08:39 ----D---- C:\ProgramData\Real
2010-11-05 16:08:39 ----A---- C:\Windows\SysWOW64\msvcr71.dll
2010-11-05 16:08:39 ----A---- C:\Windows\SysWOW64\msvcp71.dll
2010-11-05 16:04:01 ----D---- C:\Users\Administrator\AppData\Roaming\Leadertech
2010-11-05 16:03:59 ----D---- C:\Program Files (x86)\Common Files\LogiShrd
2010-11-05 16:03:14 ----D---- C:\ProgramData\Logishrd
2010-11-05 16:02:15 ----D---- C:\Users\Administrator\AppData\Roaming\Logitech
2010-11-05 16:02:15 ----D---- C:\Users\Administrator\AppData\Roaming\Logishrd
2010-11-05 16:01:55 ----A---- C:\Windows\UC.PIF
2010-11-05 16:01:55 ----A---- C:\Windows\RAR.PIF
2010-11-05 16:01:54 ----D---- C:\Users\Administrator\AppData\Roaming\GHISLER
2010-11-05 16:01:54 ----D---- C:\totalcmd
2010-11-05 16:01:54 ----A---- C:\Windows\PKZIP.PIF
2010-11-05 16:01:54 ----A---- C:\Windows\PKUNZIP.PIF
2010-11-05 16:01:54 ----A---- C:\Windows\NOCLOSE.PIF
2010-11-05 16:01:54 ----A---- C:\Windows\LHA.PIF
2010-11-05 16:01:54 ----A---- C:\Windows\ARJ.PIF
2010-11-05 15:53:46 ----D---- C:\Users\Administrator\AppData\Roaming\Thunderbird
2010-11-05 15:43:30 ----HD---- C:\ProgramData\Common Files
2010-11-05 15:42:32 ----D---- C:\ProgramData\MFAData
2010-11-05 15:38:45 ----D---- C:\Users\Administrator\AppData\Roaming\Gadu-Gadu
2010-11-05 15:31:26 ----D---- C:\ProgramData\Avery
2010-11-05 15:30:19 ----D---- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-11-05 15:30:18 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-11-05 15:29:51 ----D---- C:\ProgramData\Adobe
2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\XPSViewer
2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\BestPractices
2010-11-05 15:05:04 ----D---- C:\Program Files (x86)\Reference Assemblies
2010-11-05 15:05:04 ----D---- C:\Program Files (x86)\MSBuild
2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalSerif.CompositeFont
2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalSansSerif.CompositeFont
2010-11-05 15:05:04 ----A---- C:\Windows\fonts\GlobalMonospace.CompositeFont
2010-11-05 15:05:03 ----D---- C:\inetpub
2010-11-05 14:53:07 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-11-05 14:50:48 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-11-05 14:38:43 ----D---- C:\Program Files (x86)\ATI Technologies
2010-11-05 14:30:40 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2010-11-05 14:30:40 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2010-11-05 14:30:37 ----D---- C:\Windows\SysWOW64\Macromed
2010-11-05 14:24:04 ----A---- C:\Windows\gdrv.sys
2010-11-05 14:22:56 ----SHD---- C:\Windows\Installer
2010-11-05 14:22:20 ----A---- C:\Windows\IsUninst.exe
2010-11-05 13:50:04 ----D---- C:\Windows\SysWOW64\RTCOM
2010-11-05 13:49:44 ----D---- C:\Program Files (x86)\Realtek
2010-11-05 13:49:43 ----HD---- C:\Program Files (x86)\Temp
2010-11-05 13:49:42 ----R---- C:\Windows\RtlExUpd.dll
2010-11-05 13:49:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-05 13:49:29 ----D---- C:\Program Files (x86)\Gigabyte
2010-11-05 13:49:28 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-11-05 13:48:06 ----A---- C:\Windows\GSetup.ini
2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-11-05 13:36:16 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-11-05 13:30:34 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-11-05 13:30:22 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-11-05 13:30:21 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-11-05 13:30:19 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-11-05 13:30:18 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-11-05 13:30:18 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-11-05 13:30:18 ----A---- C:\Windows\explorer_.exe.Back.3.3783181982014
2010-11-05 13:30:18 ----A---- C:\Windows\explorer.exe
2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-11-05 13:30:17 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-11-05 13:30:16 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\sspicli.dll
2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-11-05 13:30:14 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-11-05 13:30:12 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2010-11-05 13:30:12 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-11-05 13:30:10 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2010-11-05 13:30:07 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-11-05 13:30:05 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-11-05 13:30:01 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-11-05 13:30:00 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-11-05 13:28:56 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-11-05 13:28:53 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\wow32.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\user.exe
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\setup16.exe
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-11-05 13:28:52 ----A---- C:\Windows\SysWOW64\instnm.exe
2010-11-05 13:28:51 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-11-05 13:28:51 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-11-05 13:28:50 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\drivers\pl-PL
2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\pl
2010-11-05 13:22:16 ----D---- C:\Windows\pl-PL
2010-11-05 13:14:23 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla
2010-11-05 13:01:44 ----D---- C:\Windows\twain_32
2010-11-05 13:01:44 ----D---- C:\Windows\SysWOW64\LogFiles
2010-11-05 13:01:44 ----D---- C:\Windows\CSC
2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Portable Devices
2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Media Player
2010-11-05 13:01:44 ----D---- C:\Program Files (x86)\Windows Defender
2010-11-05 12:58:44 ----D---- C:\Windows\SoftwareDistribution
2010-11-05 12:58:14 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2010-11-05 12:57:38 ----SHD---- C:\Recovery
2010-11-05 12:54:14 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-12-03 18:15:45 ----RD---- C:\Program Files (x86)
2010-12-03 18:13:04 ----D---- C:\Windows\Temp
2010-12-03 17:49:21 ----D---- C:\Windows\System32
2010-12-03 17:49:21 ----D---- C:\Windows\inf
2010-12-03 17:49:01 ----RD---- C:\Program Files
2010-12-03 17:40:15 ----D---- C:\Windows\SysWOW64\drivers
2010-12-03 17:40:15 ----D---- C:\Windows\SysWOW64
2010-12-03 17:40:15 ----D---- C:\Windows
2010-12-03 17:40:12 ----HD---- C:\ProgramData
2010-12-03 16:46:42 ----RD---- C:\Users
2010-12-03 16:43:08 ----SHD---- C:\$Recycle.Bin
2010-12-02 17:32:20 ----D---- C:\Windows\debug
2010-12-02 14:40:29 ----D---- C:\Program Files (x86)\Common Files
2010-11-30 20:19:18 ----RSD---- C:\Windows\assembly
2010-11-28 17:54:17 ----D---- C:\Windows\winsxs
2010-11-20 17:05:37 ----RSD---- C:\Windows\Fonts
2010-11-19 19:00:00 ----D---- C:\Windows\Tasks
2010-11-09 20:53:18 ----D---- C:\Windows\Microsoft.NET
2010-11-09 20:53:05 ----D---- C:\Windows\Logs
2010-11-08 17:05:58 ----SD---- C:\ProgramData\Microsoft
2010-11-06 12:05:23 ----D---- C:\Windows\SysWOW64\pl-PL
2010-11-06 12:05:23 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-06 12:05:22 ----D---- C:\Windows\SysWOW64\migration
2010-11-06 12:05:22 ----D---- C:\Windows\SysWOW64\en-US
2010-11-06 12:05:21 ----D---- C:\Windows\PolicyDefinitions
2010-11-05 15:42:47 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-11-05 15:25:59 ----D---- C:\Windows\Cursors
2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\wbem
2010-11-05 15:05:04 ----D---- C:\Windows\SysWOW64\inetsrv
2010-11-05 13:45:35 ----D---- C:\Windows\AppPatch
2010-11-05 13:45:35 ----D---- C:\Program Files (x86)\Windows Mail
2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\winrm
2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\slmgr
2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\MUI
2010-11-05 13:22:18 ----D---- C:\Windows\SysWOW64\DriverStore
2010-11-05 13:22:18 ----D---- C:\Windows\servicing
2010-11-05 13:22:18 ----D---- C:\Program Files (x86)\Common Files\System
2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\Printing_Admin_Scripts
2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\Dism
2010-11-05 13:22:16 ----D---- C:\Windows\SysWOW64\com
2010-11-05 13:05:02 ----A---- C:\Windows\win.ini
2010-11-05 13:01:45 ----D---- C:\Windows\system
2010-11-05 13:01:45 ----D---- C:\Windows\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\Windows\system32\DRIVERS\ACPI.sys []
R0 amdxata;amdxata; C:\Windows\system32\DRIVERS\amdxata.sys []
R0 atapi;IDE Channel; C:\Windows\system32\DRIVERS\atapi.sys []
R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys []
R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys []
R0 Disk;Disk Driver; C:\Windows\system32\DRIVERS\disk.sys []
R0 FltMgr;@%SystemRoot%\system32\drivers\fltmgr.sys,-10001; C:\Windows\system32\drivers\fltmgr.sys []
R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys []
R0 KSecDD;KSecDD; C:\Windows\System32\Drivers\ksecdd.sys []
R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys []
R0 mountmgr;@%SystemRoot%\system32\drivers\mountmgr.sys,-100; C:\Windows\System32\drivers\mountmgr.sys []
R0 msisadrv;msisadrv; C:\Windows\system32\DRIVERS\msisadrv.sys []
R0 Mup;@%systemroot%\system32\drivers\mup.sys,-101; C:\Windows\System32\Drivers\mup.sys []
R0 NDIS;@%SystemRoot%\system32\drivers\ndis.sys,-200; C:\Windows\system32\drivers\ndis.sys []
R0 partmgr;@%SystemRoot%\system32\drivers\partmgr.sys,-100; C:\Windows\System32\drivers\partmgr.sys []
R0 pci;PCI Bus Driver; C:\Windows\system32\DRIVERS\pci.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys []
R0 spldr;Security Processor Loader Driver; C:\Windows\SysWOW64\drivers\spldr.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 storflt;@%SystemRoot%\system32\vmstorfltres.dll,-1000; C:\Windows\system32\DRIVERS\vmstorfl.sys []
R0 Tcpip;@%SystemRoot%\system32\tcpipcfg.dll,-50003; C:\Windows\System32\drivers\tcpip.sys []
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver; C:\Windows\system32\DRIVERS\vdrvroot.sys []
R0 volmgr;Volume Manager Driver; C:\Windows\system32\DRIVERS\volmgr.sys []
R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys []
R0 volsnap;Storage volumes; C:\Windows\system32\DRIVERS\volsnap.sys []
R0 Wdf01000;Kernel Mode Driver Frameworks service; C:\Windows\system32\drivers\Wdf01000.sys []
R1 AFD;@%systemroot%\system32\drivers\afd.sys,-1000; C:\Windows\system32\drivers\afd.sys []
R1 Beep;Beep; C:\Windows\SysWOW64\drivers\Beep.sys []
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 cdrom;CD-ROM Driver; C:\Windows\system32\DRIVERS\cdrom.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 Msfs;Msfs; C:\Windows\SysWOW64\drivers\Msfs.sys []
R1 mssmbios;Microsoft System Management BIOS Driver; C:\Windows\system32\DRIVERS\mssmbios.sys []
R1 NetBIOS;NetBIOS Interface; C:\Windows\system32\DRIVERS\netbios.sys []
R1 NetBT;@%SystemRoot%\system32\drivers\netbt.sys,-2; C:\Windows\System32\DRIVERS\netbt.sys []
R1 Npfs;Npfs; C:\Windows\SysWOW64\drivers\Npfs.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 Null;Null; C:\Windows\SysWOW64\drivers\Null.sys []
R1 Psched;@%SystemRoot%\System32\drivers\pacer.sys,-101; C:\Windows\system32\DRIVERS\pacer.sys []
R1 rdbss;@%systemroot%\system32\wkssvc.dll,-1000; C:\Windows\system32\DRIVERS\rdbss.sys []
R1 RDPCDD;@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100; C:\Windows\System32\DRIVERS\RDPCDD.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 Serial;Serial port driver; C:\Windows\system32\DRIVERS\serial.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 TermDD;Terminal Device Driver; C:\Windows\system32\DRIVERS\termdd.sys []
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
R1 VgaSave;VgaSave; C:\Windows\System32\drivers\vga.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 secdrv;Security Driver; C:\Windows\SysWOW64\drivers\secdrv.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys []
R3 ABndisMP;ABndisMP; C:\Windows\system32\DRIVERS\abndis.sys []
R3 ALSysIO;ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []
R3 AsyncMac;@%systemroot%\system32\rascfg.dll,-32000; C:\Windows\system32\DRIVERS\asyncmac.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-12-03 25640]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 HTTP;@%SystemRoot%\system32\drivers\http.sys,-1; C:\Windows\system32\drivers\HTTP.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 kbdclass;Keyboard Class Driver; C:\Windows\system32\DRIVERS\kbdclass.sys []
R3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouclass;Mouse Class Driver; C:\Windows\system32\DRIVERS\mouclass.sys []
R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb;@%systemroot%\system32\wkssvc.dll,-1002; C:\Windows\system32\DRIVERS\mrxsmb.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 NdisTapi;@%systemroot%\system32\rascfg.dll,-32001; C:\Windows\system32\DRIVERS\ndistapi.sys []
R3 NdisWan;@%systemroot%\system32\rascfg.dll,-32002; C:\Windows\system32\DRIVERS\ndiswan.sys []
R3 NDProxy;NDIS Proxy; C:\Windows\SysWOW64\drivers\NDProxy.sys []
R3 Ntfs;Ntfs; C:\Windows\SysWOW64\drivers\Ntfs.sys []
R3 Parport;Parallel port driver; C:\Windows\system32\DRIVERS\parport.sys []
R3 PptpMiniport;@%systemroot%\system32\rascfg.dll,-32006; C:\Windows\system32\DRIVERS\raspptp.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 Rasl2tp;@%systemroot%\system32\rascfg.dll,-32005; C:\Windows\system32\DRIVERS\rasl2tp.sys []
R3 RasPppoe;@%systemroot%\system32\rascfg.dll,-32007; C:\Windows\system32\DRIVERS\raspppoe.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
R3 RDPWD;RDP Winstation Driver; C:\Windows\SysWOW64\drivers\RDPWD.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 Serenum;Serenum Filter Driver; C:\Windows\system32\DRIVERS\serenum.sys []
R3 srv;@%systemroot%\system32\srvsvc.dll,-102; C:\Windows\System32\DRIVERS\srv.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 swenum;Software Bus Driver; C:\Windows\system32\DRIVERS\swenum.sys []
R3 TDTCP;TDTCP; C:\Windows\system32\drivers\tdtcp.sys []
R3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys []
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S0 sacdrv;sacdrv; C:\Windows\system32\DRIVERS\sacdrv.sys []
S1 ABTDI;ArcaBit Network Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys []
S3 ABFLT;ArcaBit File Monitor Driver; \??\C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys []
S3 ABndis;ABndis Service; C:\Windows\system32\DRIVERS\abndis.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys []
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys []
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys []
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys []
S3 aliide;aliide; C:\Windows\system32\DRIVERS\aliide.sys []
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys []
S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
S3 apl82tx5;apl82tx5; C:\Windows\SysWOW64\drivers\apl82tx5.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys []
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 cmdide;cmdide; C:\Windows\system32\DRIVERS\cmdide.sys []
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys []
S3 drmkaud;Microsoft Trusted Audio Drivers; C:\Windows\system32\drivers\drmkaud.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; C:\Windows\SysWOW64\drivers\exfat.sys []
S3 fastfat;FAT12/16/32 File System Driver; C:\Windows\SysWOW64\drivers\fastfat.sys []
S3 fdc;Floppy Disk Controller Driver; C:\Windows\system32\DRIVERS\fdc.sys []
S3 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\system32\drivers\fileinfo.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 flpydisk;Floppy Disk Driver; C:\Windows\system32\DRIVERS\flpydisk.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\Windows\system32\DRIVERS\i8042prt.sys []
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys []
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys []
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys []
S3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys []
S3 ioatdma;Intel(R) QuickData Technology Device; C:\Windows\System32\Drivers\qd260x64.sys []
S3 IpFilterDriver;@%systemroot%\system32\rascfg.dll,-32013; C:\Windows\system32\DRIVERS\ipfltdrv.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 IPNAT;IP Network Address Translator; C:\Windows\System32\drivers\ipnat.sys []
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys []
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys []
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys []
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys []
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys []
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys []
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
S3 Modem;Modem; C:\Windows\system32\drivers\modem.sys []
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys []
S3 MRxDAV;@%systemroot%\system32\webclnt.dll,-104; C:\Windows\system32\drivers\mrxdav.sys [2009-07-14 115712]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys []
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MsRPC;MsRPC; C:\Windows\SysWOW64\drivers\MsRPC.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 Ndisuio;NDIS Usermode I/O Protocol; C:\Windows\system32\DRIVERS\ndisuio.sys []
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys []
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys []
S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys []
S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys []
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys []
S3 pcmcia;pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys []
S3 Processor;Processor Driver; C:\Windows\system32\DRIVERS\processr.sys []
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys []
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys []
S3 RasAcd;Remote Access Auto Connection Driver; C:\Windows\System32\DRIVERS\rasacd.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 sfloppy;High-Capacity Floppy Disk Drive; C:\Windows\system32\DRIVERS\sfloppy.sys []
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys []
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 storvsp;storvsp; C:\Windows\system32\DRIVERS\storvsp.sys []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
S3 TDPIPE;TDPIPE; C:\Windows\system32\drivers\tdpipe.sys []
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 viaide;viaide; C:\Windows\system32\DRIVERS\viaide.sys []
S3 Vid;Vid; C:\Windows\system32\DRIVERS\Vid.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys []
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys []
S3 WANARP;@%systemroot%\system32\rascfg.dll,-32011; C:\Windows\system32\DRIVERS\wanarp.sys []
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 cdfs;CD/DVD File System Reader; C:\Windows\system32\DRIVERS\cdfs.sys []
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys []
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S4 udfs;udfs; C:\Windows\system32\DRIVERS\udfs.sys []
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 AudioSrv;@%SystemRoot%\system32\audiosrv.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 CryptSvc;@%SystemRoot%\system32\cryptsvc.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 DcomLaunch;@oleres.dll,-5012; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Dhcp;@%SystemRoot%\system32\dhcpcore.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Dnscache;@%SystemRoot%\System32\dnsapi.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 eventlog;Dziennik zdarzeń systemu Windows; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EventSystem;@comres.dll,-2450; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; G:\Hamachi\hamachi-2.exe [2010-03-30 1823112]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LanmanServer;@%systemroot%\system32\srvsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LanmanWorkstation;@%systemroot%\system32\wkssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 lmhosts;@%SystemRoot%\system32\lmhsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSDTC;@comres.dll,-2797; C:\Windows\System32\msdtc.exe []
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PlugPlay;@%SystemRoot%\system32\umpnpmgr.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RemoteAccess;Routing i dostęp zdalny; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RemoteRegistry;@regsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcSs;@oleres.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SamSs;@%SystemRoot%\system32\samsrv.dll,-1; C:\Windows\system32\lsass.exe []
R2 Schedule;@%SystemRoot%\system32\schedsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SENS;@%SystemRoot%\system32\Sens.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ShellHWDetection;@%SystemRoot%\System32\shsvcs.dll,-12288; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-07-14 47616]
R2 Spooler;@%systemroot%\system32\spoolsv.exe,-1; C:\Windows\System32\spoolsv.exe []
R2 stisvc;@%SystemRoot%\system32\wiaservc.dll,-9; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 TeamViewer5;TeamViewer 5; G:\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 Themes;Themes; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TrkWks;@%SystemRoot%\system32\trkwks.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Winmgmt;@%Systemroot%\system32\wbem\wmisvc.dll,-205; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wuauserv;@%systemroot%\system32\wuaueng.dll,-105; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hidserv;@%SystemRoot%\System32\hidserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Netman;@%SystemRoot%\system32\netman.dll,-109; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 NetTcpPortSharing;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R3 PolicyAgent;@%SystemRoot%\System32\polstore.dll,-5010; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 RasMan;@%Systemroot%\system32\rasmans.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 TapiSrv;@%SystemRoot%\system32\tapisrv.dll,-10100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 TermService;@%SystemRoot%\System32\termsrv.dll,-268; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ABMainSV;ArcaBit Main Service; C:\Program Files\ArcaBit\ArcaVir\ArcaMainSV.exe []
S2 ArcaRemoteService;ArcaBit Control; C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe []
S2 AVBackup;ArcaBit Backup Service; C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe []
S2 AVTasks2;ArcaBit Tasks Service; C:\Program Files\ArcaBit\Common\ArcaTasksService.exe []
S2 AVUpdate;ArcaBit Update Service; C:\Program Files\ArcaBit\ArcaUpdate\update.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S3 ALG;@%SystemRoot%\system32\Alg.exe,-112; C:\Windows\System32\alg.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator; C:\Program Files\ArcaBit\Common\arcabit.core.configurator2.exe []
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService; C:\Program Files\ArcaBit\Common\arcabit.core.loggingservice.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BITS;@%SystemRoot%\system32\qmgr.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 COMSysApp;@comres.dll,-947; C:\Windows\system32\dllhost.exe [2009-07-14 7168]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 dot3svc;@%systemroot%\system32\dot3svc.dll,-1102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EapHost;@%systemroot%\system32\eapsvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 FCRegSvc;@%SystemRoot%\system32\FCRegSvc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 hkmsvc;@%SystemRoot%\system32\kmsvc.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 357456]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 msiserver;@%SystemRoot%\system32\msimsg.dll,-27; C:\Windows\system32\msiexec.exe [2009-07-14 73216]
S3 napagent;@%SystemRoot%\system32\qagentrt.dll,-6; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Netlogon;@%SystemRoot%\System32\netlogon.dll,-102; C:\Windows\system32\lsass.exe []
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ProtectedStorage;@%systemroot%\system32\psbase.dll,-300; C:\Windows\system32\lsass.exe []
S3 RasAuto;@%Systemroot%\system32\rasauto.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 RpcLocator;@%systemroot%\system32\Locator.exe,-2; C:\Windows\system32\locator.exe []
S3 RSoPProv;@gpapi.dll,-114; C:\Windows\system32\RSoPProv.exe []
S3 sacsvr;@%systemroot%\system32\sacsvr.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SCardSvr;@%SystemRoot%\System32\SCardSvr.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 seclogon;@%SystemRoot%\system32\seclogon.dll,-7001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SharedAccess;@%SystemRoot%\system32\ipnathlp.dll,-106; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-17 403240]
S3 swprv;@%SystemRoot%\System32\swprv.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
S3 VSS;@%systemroot%\system32\vssvc.exe,-102; C:\Windows\system32\vssvc.exe []
S3 W32Time;@%SystemRoot%\system32\w32time.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WebClient;@%systemroot%\system32\webclnt.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wmiApSrv;@%Systemroot%\system32\wbem\wmiapsrv.exe,-110; C:\Windows\system32\wbem\WmiApSrv.exe []
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Browser;@%systemroot%\system32\browser.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SSDPSRV;@%systemroot%\system32\ssdpsrv.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 upnphost;@%systemroot%\system32\upnphost.dll,-213; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------[/log]

[color="#FF0000"]
//Logs go inside tags!
//This time I'm fixing it myself
//Tom01[/color]

Tomek01
comment

There isn't much to remove here, but that is certainly not the cause of your problems.
Have a read of http://forums.avg.com/pl-pl/avg-free-forum?sec=thread&act=show&id=431



In the meantime, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.

maniak93
comment

I followed the advice in the link you gave (going into the registry and unchecking the 'Deny' ('Odmów') option everywhere - I didn't even have to uncheck it, because it was already unchecked) - it changed nothing.

Dr. Web found nothing.

And Malwarebytes, the same.
[log]Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Wersja bazy: 5240

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

2010-12-03 22:05:07
mbam-log-2010-12-03 (22-04-58).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|)
Przeskanowano obiektów: 307829
Upłynęło: 25 minut(y), 44 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]
For now I've installed Comodo Antivirus, but it's not the same as AVG, which I was used to. The simplest thing would probably be to format, but that option is off the table for now.

Tomek01
comment

A format wouldn't necessarily solve the problem.
You're dead set on AVG; among the paid products I recommend Kaspersky, and among the free ones Avira :)

maniak93
comment

I've been using AVG for about 1.5 years now, so it's a habit - on this system for 2 months.
OK, in that case I'll try installing Avira. Thanks for taking part in the thread and for your willingness to help :P
