jnocctcop, posted 15 December 2012 (edited)

Hello, I scanned with Malwarebytes Antimalware and it detected a virus in svchost.exe. After removing it and restarting the computer the scan came up clean, but a few hours later I scan again and it's still there... How do I get rid of it?

[log] OTL logfile created on: 2012-12-15 20:05:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konrad\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,59% Memory free 8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 39,00 Gb Free Space | 52,40% Space Free | Partition Type: NTFS Computer Name: KOMPUTER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-12-15 20:04:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Downloads\OTL.exe PRC - [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2001-08-24 19:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- C:\Windows\svchost.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-12-05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012-12-05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012-12-05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012-12-05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012-12-05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012-12-05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012-12-05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012-12-05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-11-28 15:15:45 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-02 18:07:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-11-28 15:15:46 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2010-11-09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:[b]64bit:[/b] - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url] IE - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
[2012-12-14 17:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Extensions [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Dysk Google = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = 
C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveAs = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaalnfofnpjmnegmgmhhnfamedfbgbih\2_0\ CHR - Extension: Gmail = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2900820410-901064891-3336881770-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2900820410-901064891-3336881770-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:[b]64bit:[/b] - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1003\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1003\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-21-2900820410-901064891-3336881770-1003\..Trusted Domains: soe.com ([]* in ) O15 - 
HKU\S-1-5-21-2900820410-901064891-3336881770-1003\..Trusted Domains: sony.com ([]* in ) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E895899E-3094-423A-8A22-71244BD302AE}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4F4FD11-B449-4940-97D3-6F86080F8705}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Konrad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk - C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE - (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) MsConfig:64bit - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - 
Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-12-15 17:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012-12-15 17:40:50 | 000,000,000 | ---D | C] -- 
C:\Users\Konrad\AppData\Local\2K Games [2012-12-15 17:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012-12-15 17:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2012-12-15 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\VSO [2012-12-15 15:28:44 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\ObviousIdea [2012-12-15 09:27:53 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Malwarebytes [2012-12-15 09:27:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-15 09:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-15 09:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-15 09:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-14 17:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-12-14 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\GG [2012-12-14 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\GG [2012-12-11 21:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012-12-11 21:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012-12-11 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\ElevatedDiagnostics [2012-12-11 19:17:52 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Desktop\Pliki do CS [2012-12-11 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\BitTorrent [2012-12-11 15:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs [2012-12-11 15:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012-12-11 15:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012-12-10 16:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-12-10 16:09:30 | 
000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Google [2012-12-10 16:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012-12-10 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Deployment [2012-12-10 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Apps [2012-12-08 19:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012-12-08 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Programs [2012-12-08 11:41:44 | 000,000,000 | ---D | C] -- C:\Nagrane [2012-12-08 11:41:19 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\BANDISOFT [2012-12-08 11:41:15 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\Bandicam [2012-12-07 16:14:20 | 000,000,000 | ---D | C] -- C:\Kompozycja [2012-12-06 21:23:45 | 001,847,296 | R--- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys [2012-12-06 21:23:45 | 001,847,296 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys [2012-12-06 21:23:45 | 000,000,000 | ---D | C] -- C:\Windows\Options [2012-12-06 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2012-12-06 17:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2012-12-05 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012-12-03 14:31:50 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\SKIDROW [2012-12-03 07:45:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012-12-02 18:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012-12-02 18:13:40 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\My Games [2012-12-02 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-12-02 18:07:03 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012-12-02 18:07:02 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\DAEMON Tools Lite 
[2012-12-02 18:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012-12-02 18:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012-12-02 17:02:58 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\.minecraft [2012-12-02 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\Konrad\SystemRequirementsLab [2012-12-02 16:30:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012-12-02 16:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012-12-02 16:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012-12-02 16:29:58 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012-12-02 16:29:58 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012-12-02 16:29:53 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012-12-02 16:29:53 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012-12-02 16:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012-12-01 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\WMTools Downloaded Files [2012-12-01 22:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6 [2012-12-01 09:04:02 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\uTorrent [2012-12-01 08:48:12 | 000,000,000 | ---D | C] -- C:\Downloads [2012-12-01 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\BitComet [2012-11-29 18:10:59 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Evernote [2012-11-29 18:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012-11-29 18:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote [2012-11-29 17:52:57 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-11-29 17:34:52 | 000,000,000 | ---D | C] -- 
C:\Users\Konrad\AppData\Local\SCE [2012-11-29 17:34:52 | 000,000,000 | ---D | C] -- C:\Crash [2012-11-29 17:34:51 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Sony Online Entertainment [2012-11-29 17:34:39 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2012-11-29 17:34:39 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2012-11-29 17:34:39 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2012-11-29 17:34:39 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2012-11-29 17:34:38 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2012-11-29 17:34:38 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2012-11-28 19:07:30 | 000,000,000 | ---D | C] -- C:\Download [2012-11-28 18:41:03 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\WinRAR [2012-11-28 18:41:03 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-11-28 18:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-11-28 18:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012-11-28 17:30:23 | 000,000,000 | ---D | C] -- C:\Muzyka [2012-11-28 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\NVIDIA [2012-11-28 15:52:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012-11-28 15:52:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012-11-28 15:52:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012-11-28 15:52:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012-11-28 15:52:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAPOFX1_5.dll [2012-11-28 15:52:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012-11-28 15:52:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012-11-28 15:52:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012-11-28 15:52:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012-11-28 15:52:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012-11-28 15:52:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012-11-28 15:52:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012-11-28 15:51:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012-11-28 15:51:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012-11-28 15:51:59 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012-11-28 15:51:59 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012-11-28 15:51:58 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2012-11-28 15:51:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2012-11-28 15:51:58 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2012-11-28 15:51:58 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2012-11-28 15:51:58 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2012-11-28 15:51:58 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2012-11-28 15:51:58 | 000,517,960 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAudio2_5.dll [2012-11-28 15:51:58 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2012-11-28 15:51:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2012-11-28 15:51:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2012-11-28 15:51:58 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2012-11-28 15:51:58 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2012-11-28 15:51:58 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2012-11-28 15:51:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2012-11-28 15:51:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2012-11-28 15:51:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2012-11-28 15:51:57 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2012-11-28 15:51:57 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2012-11-28 15:51:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2012-11-28 15:51:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2012-11-28 15:51:57 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2012-11-28 15:51:57 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2012-11-28 15:51:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2012-11-28 15:51:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2012-11-28 15:51:57 | 000,285,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx11_42.dll [2012-11-28 15:51:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2012-11-28 15:51:56 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2012-11-28 15:51:56 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2012-11-28 15:51:56 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2012-11-28 15:51:56 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2012-11-28 15:51:56 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2012-11-28 15:51:56 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2012-11-28 15:51:56 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2012-11-28 15:51:56 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2012-11-28 15:51:56 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2012-11-28 15:51:56 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2012-11-28 15:51:56 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2012-11-28 15:51:56 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2012-11-28 15:51:56 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2012-11-28 15:51:56 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2012-11-28 15:51:55 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2012-11-28 15:51:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2012-11-28 15:51:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine3_2.dll [2012-11-28 15:51:55 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2012-11-28 15:51:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2012-11-28 15:51:55 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2012-11-28 15:51:55 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2012-11-28 15:51:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2012-11-28 15:51:55 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2012-11-28 15:51:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2012-11-28 15:51:54 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2012-11-28 15:51:54 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012-11-28 15:51:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2012-11-28 15:51:54 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2012-11-28 15:51:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012-11-28 15:51:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2012-11-28 15:51:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2012-11-28 15:51:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2012-11-28 15:51:54 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2012-11-28 15:51:54 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2012-11-28 15:51:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx10_39.dll [2012-11-28 15:51:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2012-11-28 15:51:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2012-11-28 15:51:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2012-11-28 15:51:54 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2012-11-28 15:51:54 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2012-11-28 15:51:54 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2012-11-28 15:51:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2012-11-28 15:51:53 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2012-11-28 15:51:53 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2012-11-28 15:51:53 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2012-11-28 15:51:53 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2012-11-28 15:51:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2012-11-28 15:51:53 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2012-11-28 15:51:53 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2012-11-28 15:51:53 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2012-11-28 15:51:51 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2012-11-28 15:51:51 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2012-11-28 15:51:51 | 001,860,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\D3DCompiler_37.dll [2012-11-28 15:51:51 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2012-11-28 15:51:51 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2012-11-28 15:51:51 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2012-11-28 15:51:50 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2012-11-28 15:51:50 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012-11-28 15:51:50 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2012-11-28 15:51:50 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012-11-28 15:51:50 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2012-11-28 15:51:50 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2012-11-28 15:51:50 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2012-11-28 15:51:50 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2012-11-28 15:51:50 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2012-11-28 15:51:50 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2012-11-28 15:51:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2012-11-28 15:51:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2012-11-28 15:51:50 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2012-11-28 15:51:50 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2012-11-28 15:51:50 | 000,267,272 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine2_10.dll [2012-11-28 15:51:50 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2012-11-28 15:51:49 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2012-11-28 15:51:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2012-11-28 15:51:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2012-11-28 15:51:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2012-11-28 15:51:49 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2012-11-28 15:51:49 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2012-11-28 15:51:49 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2012-11-28 15:51:49 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2012-11-28 15:51:48 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2012-11-28 15:51:48 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2012-11-28 15:51:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2012-11-28 15:51:48 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2012-11-28 15:51:48 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2012-11-28 15:51:48 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2012-11-28 15:51:48 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2012-11-28 15:51:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2012-11-28 15:51:48 | 000,403,304 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine2_7.dll [2012-11-28 15:51:48 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2012-11-28 15:51:48 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2012-11-28 15:51:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2012-11-28 15:51:47 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2012-11-28 15:51:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2012-11-28 15:51:47 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2012-11-28 15:51:47 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2012-11-28 15:51:47 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2012-11-28 15:51:47 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2012-11-28 15:51:47 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2012-11-28 15:51:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2012-11-28 15:51:47 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2012-11-28 15:51:47 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2012-11-28 15:51:47 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2012-11-28 15:51:47 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2012-11-28 15:51:46 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2012-11-28 15:51:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2012-11-28 15:51:46 | 000,363,288 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine2_3.dll [2012-11-28 15:51:46 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2012-11-28 15:51:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2012-11-28 15:51:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2012-11-28 15:51:46 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2012-11-28 15:51:46 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2012-11-28 15:51:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012-11-28 15:51:46 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012-11-28 15:51:45 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2012-11-28 15:51:45 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2012-11-28 15:51:44 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012-11-28 15:51:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012-11-28 15:51:42 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2012-11-28 15:51:42 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2012-11-28 15:51:42 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2012-11-28 15:51:42 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2012-11-28 15:51:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2012-11-28 15:51:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2012-11-28 15:51:42 | 002,319,568 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx9_27.dll [2012-11-28 15:51:42 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2012-11-28 15:51:42 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2012-11-28 15:51:42 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2012-11-28 15:51:42 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2012-11-28 15:51:42 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2012-11-28 15:51:41 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2012-11-28 15:51:41 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2012-11-28 15:51:41 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2012-11-28 15:51:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2012-11-28 15:48:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012-11-28 15:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx [2012-11-28 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\Euro Truck Simulator 2 [2012-11-28 15:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator 2.v 1.1.1 [2012-11-28 15:17:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012-11-28 15:16:22 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2012-11-28 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2012-11-28 15:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012-11-28 07:10:41 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Skype [2012-11-28 07:10:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012-11-28 07:10:38 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-11-28 07:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012-11-28 07:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012-11-28 07:02:45 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012-11-28 06:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012-11-28 06:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-11-27 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Microsoft Games [2012-11-27 21:30:14 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys [2012-11-27 21:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-11-27 21:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2012-11-27 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Macromedia [2012-11-27 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Macromedia [2012-11-27 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Adobe [2012-11-27 20:14:09 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-11-27 20:14:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012-11-27 20:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012-11-27 19:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012-11-27 19:50:48 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Mozilla [2012-11-27 19:50:48 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Mozilla [2012-11-27 19:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012-11-27 19:49:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012-11-27 18:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012-11-27 18:48:57 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012-11-27 18:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012-11-27 18:48:46 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012-11-27 18:48:46 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012-11-27 18:48:46 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012-11-27 18:48:46 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012-11-27 18:48:46 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012-11-27 18:48:29 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012-11-27 18:48:29 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012-11-27 18:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012-11-27 18:47:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012-11-27 18:47:48 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012-11-27 18:47:47 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012-11-27 18:47:47 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012-11-27 18:47:47 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012-11-27 18:47:47 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012-11-27 18:47:47 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012-11-27 18:47:47 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012-11-27 18:47:47 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012-11-27 18:47:47 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012-11-27 
18:47:47 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012-11-27 18:47:47 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012-11-27 18:47:47 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012-11-27 18:47:47 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012-11-27 18:47:47 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012-11-27 18:47:47 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012-11-27 18:47:47 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012-11-27 18:47:47 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012-11-27 18:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012-11-27 18:17:25 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012-11-27 18:15:40 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012-11-27 18:15:40 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Searches [2012-11-27 18:15:40 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012-11-27 18:15:28 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Identities [2012-11-27 18:15:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Contacts [2012-11-27 18:15:19 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\VirtualStore [2012-11-27 18:14:57 | 000,000,000 | --SD | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Videos [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Saved Games [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Pictures [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Music [2012-11-27 18:14:57 | 
000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Links [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Favorites [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Downloads [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Documents [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Desktop [2012-11-27 18:14:57 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Ustawienia lokalne [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Temporary Internet Files [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Szablony [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\SendTo [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Recent [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\PrintHood [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\NetHood [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moje wideo [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moje obrazy [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Moje dokumenty [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moja muzyka [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Menu Start [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Historia [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Dane aplikacji [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Dane aplikacji [2012-11-27 18:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Cookies [2012-11-27 18:14:57 | 000,000,000 | -H-D | C] -- 
C:\Users\Konrad\AppData [2012-11-27 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Temp [2012-11-27 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Microsoft [2012-11-27 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Media Center Programs [2012-11-27 18:14:47 | 000,000,000 | -HSD | C] -- C:\Recovery [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2012-11-27 18:14:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2012-11-01 18:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012-11-01 18:08:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012-11-01 18:08:36 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012-11-01 18:07:52 | 000,000,000 | ---D | C] -- C:\Windows\Panther [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-12-15 20:07:15 | 001,310,720 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT [2012-12-15 19:15:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-15 19:01:46 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-15 19:01:46 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-15 19:01:46 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat 
[2012-12-15 19:01:46 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-15 19:01:46 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-15 19:00:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-15 19:00:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-15 18:55:52 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-15 18:55:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-12-15 18:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-15 18:55:44 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012-12-15 18:55:04 | 004,989,128 | -H-- | M] () -- C:\Users\Konrad\AppData\Local\IconCache.db [2012-12-15 18:47:14 | 000,097,978 | ---- | M] () -- C:\Users\Konrad\Desktop\wir.png [2012-12-15 17:36:38 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-12-15 09:27:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-15 09:19:01 | 000,000,640 | RHS- | M] () -- C:\Users\Konrad\ntuser.pol [2012-12-12 07:30:31 | 000,000,218 | ---- | M] () -- C:\Users\Konrad\Desktop\Counter-Strike.url [2012-12-11 21:20:40 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012-12-11 16:26:53 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-12-11 16:26:53 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-12-10 16:13:11 | 000,002,295 | ---- | M] () -- C:\Users\Konrad\Desktop\Google Chrome.lnk [2012-12-02 18:07:24 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012-12-02 18:07:03 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012-12-02 16:29:50 | 000,095,208 | ---- | M] (Oracle 
Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012-12-02 16:29:49 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012-12-02 16:29:49 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012-12-02 16:29:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012-11-29 18:10:45 | 000,000,932 | ---- | M] () -- C:\Users\Konrad\Desktop\Evernote.lnk [2012-11-29 07:03:43 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012-11-28 15:48:51 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.v 1.1.1.lnk [2012-11-28 15:16:41 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2012-11-28 15:15:53 | 000,414,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2012-11-28 15:15:46 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys [2012-11-28 15:15:45 | 001,161,328 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll [2012-11-28 15:15:45 | 000,994,928 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll [2012-11-28 15:15:45 | 000,869,376 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL [2012-11-28 15:15:45 | 000,731,648 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL [2012-11-28 15:15:45 | 000,559,216 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll [2012-11-28 15:15:45 | 000,202,864 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll [2012-11-28 15:15:45 | 000,116,848 | ---- | M] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll [2012-11-28 15:15:45 | 000,087,152 | ---- | M] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll [2012-11-28 15:15:45 | 000,085,504 | ---- | M] (QSound Labs, Inc.) 
-- C:\Windows\SysNative\nQPropPageExt.dll [2012-11-28 15:15:45 | 000,083,968 | ---- | M] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2012-11-28 15:15:45 | 000,074,240 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL [2012-11-28 15:15:45 | 000,057,856 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL [2012-11-28 15:15:45 | 000,053,760 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL [2012-11-28 15:15:45 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe [2012-11-28 07:10:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-27 20:14:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-11-27 19:51:31 | 000,057,560 | ---- | M] () -- C:\Users\Konrad\AppData\Local\GDIPFONTCACHEV1.DAT [2012-11-27 18:19:54 | 000,524,288 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012-11-27 18:19:54 | 000,524,288 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012-11-27 18:19:54 | 000,065,536 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012-11-27 18:14:57 | 000,000,020 | -HS- | M] () -- C:\Users\Konrad\ntuser.ini [2012-11-01 18:12:03 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012-11-01 18:12:03 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012-11-01 18:10:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-11-01 18:09:12 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [6 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-15 18:47:14 | 000,097,978 | 
---- | C] () -- C:\Users\Konrad\Desktop\wir.png [2012-12-15 17:36:38 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-12-15 09:27:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-15 09:19:01 | 000,000,640 | RHS- | C] () -- C:\Users\Konrad\ntuser.pol [2012-12-12 07:30:31 | 000,000,218 | ---- | C] () -- C:\Users\Konrad\Desktop\Counter-Strike.url [2012-12-11 21:20:40 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012-12-10 16:13:11 | 000,002,295 | ---- | C] () -- C:\Users\Konrad\Desktop\Google Chrome.lnk [2012-12-10 16:09:33 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-10 16:09:32 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-06 21:23:45 | 000,017,326 | R--- | C] () -- C:\Windows\SysNative\netathurx.inf [2012-12-06 21:23:45 | 000,007,484 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat [2012-12-02 18:07:24 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012-12-01 22:21:27 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk [2012-11-29 18:10:45 | 000,000,932 | ---- | C] () -- C:\Users\Konrad\Desktop\Evernote.lnk [2012-11-29 07:03:42 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012-11-28 15:48:51 | 000,002,334 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.v 1.1.1.lnk [2012-11-28 15:16:41 | 000,001,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk [2012-11-28 15:16:41 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2012-11-28 07:10:38 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012-11-28 06:57:36 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-11-27 21:30:14 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-11-27 
19:51:31 | 000,057,560 | ---- | C] () -- C:\Users\Konrad\AppData\Local\GDIPFONTCACHEV1.DAT [2012-11-27 18:47:47 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012-11-27 18:19:53 | 004,989,128 | -H-- | C] () -- C:\Users\Konrad\AppData\Local\IconCache.db [2012-11-27 18:15:49 | 000,001,417 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012-11-27 18:15:42 | 000,001,451 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012-11-27 18:14:57 | 000,524,288 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012-11-27 18:14:57 | 000,524,288 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012-11-27 18:14:57 | 000,065,536 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012-11-27 18:14:57 | 000,000,020 | -HS- | C] () -- C:\Users\Konrad\ntuser.ini [2012-11-27 18:14:56 | 001,310,720 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT [2012-11-01 18:11:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012-11-01 18:11:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012-11-01 18:10:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-11-01 18:08:36 | 3220,627,456 | -HS- | C] () -- C:\hiberfil.sys [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-12-10 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\.minecraft [2012-12-08 11:41:19 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BANDISOFT [2012-12-12 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BitComet [2012-12-12 22:29:27 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BitTorrent [2012-12-02 18:07:55 
| 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\DAEMON Tools Lite [2012-12-14 19:13:15 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\GG [2012-12-15 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\ObviousIdea [2012-12-15 18:28:03 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\uTorrent [2012-12-15 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\VSO [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2012-12-15 18:55:44 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012-12-15 18:55:44 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys [2012-12-15 15:24:27 | 000,000,096 | ---- | M] () -- C:\SetSearchAndHomepageInBrowserLog.txt [6 C:\*.tmp files -> C:\*.tmp -> ] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) 
MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012-09-29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >
[/log]

[log]
OTL Extras logfile created on: 2012-12-15 20:05:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konrad\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,59% Memory free
8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 39,00 Gb Free Space | 52,40% Space Free | Partition Type: NTFS

Computer Name: KOMPUTER | User Name: Konrad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2900820410-901064891-3336881770-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== 
Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B9B943-DD28-40C5-896F-F07537F40B37}" = rport=445 | protocol=6 | dir=out | app=system | "{1B52FA13-A2B9-4C34-BABA-98B97256A8F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{203EF32C-0721-4C74-9E54-FD44D3129155}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23199F84-843E-4EF4-A13E-AE25AB1319E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{272CD4D6-4212-4A36-8553-312E3576E8E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{335E668C-8BCF-4062-B9A6-00F480479A46}" = lport=2869 | protocol=6 | dir=in | app=system | "{35E04740-185B-498E-861B-50D88A8EBCD7}" = lport=137 | protocol=17 | dir=in | app=system | "{5255B575-913F-4D06-B2A8-890CEE7A243A}" = lport=445 | protocol=6 | dir=in | app=system | "{5AB16704-5B05-4DC3-93EB-D720C0079325}" = lport=15532 | protocol=17 | dir=in | name=bitcomet 15532 udp | "{5F9965E5-280F-4B9F-A068-4271EB092862}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{680BE887-4017-4825-B8B2-A0004C66B289}" = rport=137 | protocol=17 | dir=out | app=system | "{6C1C79EE-8271-4E99-AA51-CB722F2D5F2C}" = lport=138 | protocol=17 | dir=in | app=system | "{769ACB73-1323-4E59-8125-407543738513}" = rport=10243 | protocol=6 | dir=out | app=system | "{89315BE0-CF81-4D82-8B06-E1B4C437A19D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97C813B9-615C-4678-AA7E-D6C37EA88392}" = lport=15532 | protocol=6 | dir=in | 
name=bitcomet 15532 tcp | "{9B5E2EA9-7A0D-4F9C-9CEA-563195DC3B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6CAB57E-43B7-4795-B939-D66927F4061A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CEC2BC2F-4449-4E93-AED5-7B85649E71AF}" = lport=139 | protocol=6 | dir=in | app=system | "{E0F05517-194D-45B8-9F8C-BCE56B59D6F1}" = rport=139 | protocol=6 | dir=out | app=system | "{E542D9C4-C216-4C1B-ADB6-F80B20C05F0B}" = rport=138 | protocol=17 | dir=out | app=system | "{E75E0BE2-68D7-4F1F-B573-D0A28BDA16FE}" = lport=10243 | protocol=6 | dir=in | app=system | "{F069927F-2205-448A-9A4E-C4F77D1D5FDB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F83A98BA-E051-4A28-85F9-3526735DF5C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07CCAD2A-5D01-4CBF-88E4-39EACF55DE2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bongomp3\counter-strike\hl.exe | "{1289037B-6689-4517-82B0-90A4B78CF257}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2158088E-8C15-4004-94DA-BE2CB5A7C1E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2270423C-0CB4-4BCA-B027-8AA771F35608}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{229A49EF-E015-4678-BB8C-B7B16B287745}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{25CC50CB-9348-45D3-AFCA-8EA9E46DB6A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{30609BDB-F2BB-4A44-B4A5-F547720FADD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3156E2DC-8050-4423-A204-438DC6FA5898}" = protocol=6 | dir=in | app=c:\users\konrad\downloads\bittorrent.exe | "{3D1BECA2-0B9A-46E9-AAE9-EE0628082339}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{407F3C5C-A9B5-48FB-9A78-039663677B9E}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{4C41FCF7-82ED-4D02-8244-ADEB2E012AB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{56688E6F-3177-4354-8560-B1E9310AC3E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bongomp3\counter-strike\hl.exe | "{5C827778-6001-4135-8727-7E8BB2A675F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{60880A6D-58F6-4A2D-8C8F-C74A86E192B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{60DAC3AF-106A-4E3F-80E4-9237E43FCEA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A43DCFB-3D0B-4C3D-8AC8-762748D824E3}" = protocol=6 | dir=out | app=system | "{6ABCF6B5-3D40-41D8-BF48-A136860BD72E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B6CEFA5-D963-4256-9C51-EBB93F5EE208}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{7331F232-D5FD-4534-B3DA-081130724EF1}" = protocol=17 | dir=in | app=c:\users\konrad\desktop\utorrent.exe | "{8375139B-A14A-4BD4-9CEA-A6A0CBBBA1C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93E1B918-0F9E-404C-AC9B-DFCA40C3462C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9D80CB2D-290F-4FEA-A1A5-4B8D82E43C9E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9EC76F13-8C50-4F81-A907-31BD80653EAD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A83EAD7C-3F51-4FAF-B3FC-6778F3DE7376}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{C6414F3F-0B89-4F4C-808F-2CE430DF68B4}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{C79BDFBD-8B09-4768-85B9-92E58A19B0F2}" = protocol=17 | dir=in | app=c:\users\konrad\downloads\bittorrent.exe | "{D5575111-765C-4091-9251-3CB65E6087F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D99C0C6B-1C36-4470-A13C-BF4F746A1706}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEE32426-1417-4753-B372-1B1CC2BAC9AF}" = protocol=6 | dir=in | app=c:\users\konrad\desktop\utorrent.exe | "{F03C3DD1-0D98-462D-82D7-C9493B2F7D8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0B2A80F-6C5E-4E64-90FD-95C946F28F5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA1545A4-F299-4606-93FC-1430B264F4DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{90340092-59DA-4D70-BCB5-CEC4F688B2E7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{AE50A44D-3020-467D-BBA9-DB5B4728838A}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{B2C9BFEE-F749-4B06-8F34-3B2C576FE792}C:\program files (x86)\dishonored\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dishonored\dishonored\binaries\win32\dishonored.exe | "TCP Query User{D7D15108-E71F-4367-B3E1-B8D9E0CFA1B2}C:\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\2k games\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{DD3B8BD4-C30C-40B2-A3B8-309586633F95}C:\program files (x86)\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torchlight ii\torchlight2.exe | "UDP Query User{15968300-5B51-4D1E-B9B4-B2F95A891F5F}C:\program files 
(x86)\dishonored\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dishonored\dishonored\binaries\win32\dishonored.exe | "UDP Query User{545CBDD2-3BA3-4DA0-9311-73936C3A3619}C:\program files (x86)\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torchlight ii\torchlight2.exe | "UDP Query User{76C6864A-6511-4621-9831-A1BD5ACA00A3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{A1D62003-CD26-413D-8EA8-E2B2345CCE7A}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{F32F8018-8B16-4506-B280-C7688D35517C}C:\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\2k games\borderlands 2\binaries\win32\borderlands2.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17 "WinRAR archiver" = WinRAR 4.20 (64-bitowy) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "Euro Truck Simulator 2.v 1.1.1_is1" = Euro Truck Simulator 2.v 1.1.1 "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 10" = Counter-Strike [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-12-10 11:12:58 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 5.1.0.0, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb3b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00033915 Identyfikator procesu powodującego błąd: 0x664 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd6e8d6d31980 Ścieżka aplikacji powodującej błąd: C:\Windows\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 148c3720-42dc-11e2-9e40-bc5ff442264e 
Error - 2012-12-10 11:13:55 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_5_502_110.exe, wersja: 11.5.502.110, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0xffffffff Identyfikator procesu powodującego błąd: 0x288 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd6e8f84802b0 Ścieżka aplikacji powodującej błąd: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 35fa6990-42dc-11e2-9e40-bc5ff442264e Error - 2012-12-10 11:13:55 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 5.1.0.0, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb3b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00033915 Identyfikator procesu powodującego błąd: 0xba8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd6e8f84c4870 Ścieżka aplikacji powodującej błąd: C:\Windows\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 35fc3e50-42dc-11e2-9e40-bc5ff442264e Error - 2012-12-10 11:14:50 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FlashPlayerPlugin_11_5_502_110.exe, wersja: 11.5.502.110, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0xffffffff Identyfikator procesu powodującego błąd: 0x9b0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd6e91933e5c0 Ścieżka aplikacji powodującej błąd: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe Ścieżka modułu powodującego błąd: unknown 
Identyfikator raportu: 56e206e0-42dc-11e2-9e40-bc5ff442264e Error - 2012-12-10 11:14:50 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 5.1.0.0, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb3b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00033915 Identyfikator procesu powodującego błąd: 0xa48 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd6e91934a910 Ścieżka aplikacji powodującej błąd: C:\Windows\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 56e33f60-42dc-11e2-9e40-bc5ff442264e Error - 2012-12-11 14:39:11 | Computer Name = Komputer | Source = Application Hang | ID = 1002 Description = Program Steam.exe w wersji 1.0.1595.686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 4a4 Godzina rozpoczęcia: 01cdd7ce9e36aab0 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Program Files (x86)\Steam\Steam.exe Identyfikator raportu: 06e71c71-43c2-11e2-b5df-bc5ff442264e Error - 2012-12-11 14:42:00 | Computer Name = Komputer | Source = Application Hang | ID = 1002 Description = Program Steam.exe w wersji 1.0.1595.686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: 80c Godzina rozpoczęcia: 01cdd7ced12b67d0 Godzina zakończenia: 16 Ścieżka aplikacji: C:\Program Files (x86)\Steam\Steam.exe Identyfikator raportu: 7197cb51-43c2-11e2-b5df-bc5ff442264e Error - 2012-12-11 14:42:58 | Computer Name = Komputer | Source = Application Hang | ID = 1002 Description = Program Steam.exe w wersji 1.0.1595.686 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 7c0 Godzina rozpoczęcia: 01cdd7cf3cdf8c90 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Program Files (x86)\Steam\Steam.exe Identyfikator raportu: 93b5ae51-43c2-11e2-b5df-bc5ff442264e Error - 2012-12-13 15:15:21 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: setup.exe_Google Chrome, wersja: 23.0.1271.95, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0xffffffff Identyfikator procesu powodującego błąd: 0xdd8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd96630dcba60 Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\Installer\setup.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 700a76a0-4559-11e2-9c54-bc5ff442264e Error - 2012-12-13 15:15:21 | Computer Name = Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 5.1.0.0, sygnatura czasowa: 0x3b866bf0 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bdb3b Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00033c8d Identyfikator procesu powodującego błąd: 0xcf0 Godzina uruchomienia aplikacji powodującej błąd: 0x01cdd9663101ce90 Ścieżka aplikacji powodującej błąd: C:\Windows\svchost.exe Ścieżka 
modułu powodującego błąd: C:\Windows\SysWOW64\ntdll.dll Identyfikator raportu: 700bd630-4559-11e2-9c54-bc5ff442264e [ System Events ] Error - 2012-12-14 18:31:09 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 03:58:45 | Computer Name = Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Skype Updater. Error - 2012-12-15 03:58:49 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 04:34:58 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 04:45:33 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 04:47:38 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 04:51:23 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 04:59:59 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-15 13:51:11 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 
2012-12-15 13:55:52 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom < End of report > [/log] Anything else? Please help quickly!!!
Guest commented 16 December 2012 (edited)
[quote]PRC - [2001-08-24 19:00:00 | 000,036,352 | --S- | M] (Microsoft Corporation) -- [b][color=#ff0000]C:\Windows\svchost.exe[/color][/b][/quote]
I don't have good news: this thing is a nasty virus that infects executable files, [url="http://pc-com.pl/topic/8-poradnik-infekcje-w-plikach-wykonywalnych/"]"[b][color=#ff0000]Jeefo[/color][/b]"[/url].
We'll deal with this junk first.
Run a scan with this removal tool [url="http://www.sophos.com/support/cleaners/jeefogui.com"]CLICK[/url] as many times as it takes until the tool reports 0 infected files.
After that, post a new OTL log.
jnocctcop commented 16 December 2012 (Author)
Hello, I formatted the drive, and shortly after the format 3 "Jeefo" viruses were detected; I removed them the same way as before and so far nothing has shown up, so I think I've gotten rid of them for good with Malwarebytes Anti-Malware. If it no longer detects them, is everything fine? Should I take any further steps?
jnocctcop commented 17 December 2012 (Author, edited)
Damn, I installed gg, ran a scan and about 15 viruses showed up. I used the removal tool from your link; windows popped up asking whether I wanted to repair those files, I chose "yes to all", it repaired them, and when I scan with the earlier program there are none. Did that take care of it? Here are the logs after these operations.
[log] OTL logfile created on: 2012-12-17 21:29:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konrad\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,01% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 47,73 Gb Free Space | 64,13% Space Free | Partition Type: NTFS Computer Name: KOMPUTER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2012-12-17 21:28:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Downloads\OTL.exe PRC - [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012-12-03 19:35:00 | 001,044,320 | ---- | M] (Evernote Corp., 333 W Evelyn Ave.
Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2012-12-17 21:28:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Downloads\OTL.exe MOD - [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe MOD - [2012-12-05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012-12-05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012-12-05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012-12-05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012-12-05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012-12-05 02:14:27 | 009,963,112 | ---- | M] (The ICU Project) -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\icudt.dll MOD - [2012-12-05 02:14:23 | 041,743,976 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\chrome.dll MOD - [2012-12-05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012-12-05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012-12-05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012-12-03 19:35:00 | 001,044,320 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe MOD - [2012-12-03 19:32:40 | 000,434,176 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\Intl\EvernoteClipper.pl-PL.dll MOD - [2012-10-02 23:21:00 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll MOD - [2012-10-02 23:21:00 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll MOD - [2012-10-02 17:23:18 | 000,903,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll MOD - [2012-09-08 12:16:32 | 000,258,048 | ---- | M] (Evernote Corporation, 333 West Evelyn Avenue, Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\LibPCRE.dll MOD - [2012-09-08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2012-09-08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012-07-06 06:43:46 | 000,284,160 | ---- | M] (Evernote Corporation) -- C:\Program Files (x86)\Evernote\Evernote\encrashrep.dll MOD - [2010-05-26 11:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DCompiler_43.dll MOD - [2010-05-26 11:41:02 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\D3DX9_43.dll MOD - [2009-07-14 
02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2009-07-14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009-07-14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2009-07-14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2009-07-14 02:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2009-07-14 02:16:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2009-07-14 02:16:19 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2009-07-14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2009-07-14 02:16:18 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll MOD - [2009-07-14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - 
[2009-07-14 02:16:17 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2009-07-14 02:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sqmapi.dll MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009-07-14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2009-07-14 02:16:13 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll 
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2009-07-14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2009-07-14 02:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 02:16:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2009-07-14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009-07-14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 02:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2009-07-14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll MOD - [2009-07-14 02:15:46 | 002,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll MOD - [2009-07-14 02:15:44 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msftedit.dll MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:43 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2009-07-14 02:15:42 | 000,481,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2009-07-14 02:15:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-07-14 02:15:41 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009-07-14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll MOD - [2009-07-14 02:15:39 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mfplat.dll MOD - [2009-07-14 02:15:38 | 003,177,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mf.dll MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009-07-14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2009-07-14 02:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009-07-14 02:15:28 | 002,058,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2009-07-14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2009-07-14 02:15:21 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2009-07-14 02:15:19 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2009-07-14 02:15:19 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\evr.dll MOD - [2009-07-14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 02:15:13 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 02:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll MOD - [2009-07-14 02:15:13 | 000,067,072 
| ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:12 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009-07-14 02:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2009-07-14 02:15:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2009-07-14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll MOD - [2009-07-14 02:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2009-07-14 02:15:08 | 001,826,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2009-07-14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009-07-14 02:15:07 | 001,151,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009-07-14 02:15:07 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2009-07-14 02:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 
02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2009-07-14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009-07-14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2009-07-14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2009-07-14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - 
[2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009-07-14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2011-06-14 21:42:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012-12-17 21:23:04 | 000,155,136 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) 
[color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-15 21:54:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-06-14 21:42:44 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2011-04-20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012-12-17 21:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Extensions [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: Dysk Google = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 
HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - Startup: C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6020E4B-19F5-446A-B7FF-745E3CD71861}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0D7AB-BE2F-48DE-ADB9-F76C33E3D64D}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - 
Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-12-17 21:18:08 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Adobe [2012-12-17 21:18:03 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Macromedia 
[2012-12-17 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Mozilla [2012-12-17 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GG [2012-12-17 21:17:33 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\GG [2012-12-17 21:17:32 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\GG [2012-12-17 14:21:41 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\2K Games [2012-12-17 14:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012-12-17 14:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2012-12-16 18:37:49 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\WMTools Downloaded Files [2012-12-16 17:22:40 | 000,000,000 | ---D | C] -- C:\Muzyka [2012-12-16 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK [2012-12-16 17:04:26 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys [2012-12-16 17:04:26 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) 
-- C:\Windows\SysNative\athurx.sys [2012-12-16 17:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK [2012-12-16 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-12-16 10:35:37 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\NVIDIA [2012-12-16 10:09:51 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012-12-16 10:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent [2012-12-16 10:02:17 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\BitTorrent [2012-12-15 22:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6 [2012-12-15 22:34:10 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012-12-15 22:33:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012-12-15 22:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2012-12-15 22:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012-12-15 22:32:34 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2012-12-15 22:32:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) 
-- C:\Windows\SysNative\nQAPO.dll [2012-12-15 22:15:17 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\Euro Truck Simulator 2 [2012-12-15 22:02:16 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Skype [2012-12-15 22:02:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012-12-15 22:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012-12-15 22:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012-12-15 22:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012-12-15 21:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012-12-15 21:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012-12-15 21:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012-12-15 21:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012-12-15 21:54:55 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012-12-15 21:54:54 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\DAEMON Tools Lite [2012-12-15 21:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012-12-15 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012-12-15 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Evernote [2012-12-15 21:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012-12-15 21:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote [2012-12-15 21:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-12-15 21:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2012-12-15 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012-12-15 21:46:44 | 000,000,000 | ---D | C] -- C:\Program 
Files\CCleaner [2012-12-15 21:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012-12-15 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012-12-15 21:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012-12-15 21:39:31 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012-12-15 21:39:31 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012-12-15 21:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012-12-15 21:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012-12-15 21:38:17 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012-12-15 21:29:45 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Malwarebytes [2012-12-15 21:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-15 21:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-15 21:29:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-15 21:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-15 21:16:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012-12-15 21:15:49 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\WinRAR [2012-12-15 21:15:49 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-12-15 21:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012-12-15 21:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012-12-15 21:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-12-15 21:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012-12-15 21:11:44 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Google 
[2012-12-15 21:11:31 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Deployment [2012-12-15 21:11:31 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Apps [2012-12-15 21:01:09 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012-12-15 21:01:09 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Searches [2012-12-15 21:01:09 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012-12-15 21:00:54 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Identities [2012-12-15 21:00:48 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Contacts [2012-12-15 21:00:46 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\VirtualStore [2012-12-15 21:00:22 | 000,000,000 | --SD | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Videos [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Saved Games [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Pictures [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Music [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Links [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Favorites [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Downloads [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Documents [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\Desktop [2012-12-15 21:00:22 | 000,000,000 | R--D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Ustawienia lokalne [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Temporary Internet Files 
[2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Szablony [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\SendTo [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Recent [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\PrintHood [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\NetHood [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moje wideo [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moje obrazy [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Moje dokumenty [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Documents\Moja muzyka [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Menu Start [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Historia [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Dane aplikacji [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\AppData\Local\Dane aplikacji [2012-12-15 21:00:22 | 000,000,000 | -HSD | C] -- C:\Users\Konrad\Cookies [2012-12-15 21:00:22 | 000,000,000 | -H-D | C] -- C:\Users\Konrad\AppData [2012-12-15 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Temp [2012-12-15 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Local\Microsoft [2012-12-15 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Media Center Programs [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\Recovery [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- 
C:\Users\Public\Documents\Moja muzyka [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty [2012-12-15 21:00:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji [2012-12-15 20:57:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012-12-15 20:54:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012-12-15 20:54:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012-12-15 20:53:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-12-17 21:29:39 | 001,048,576 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT [2012-12-17 21:16:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-17 21:16:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-17 19:40:37 | 000,001,131 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-12-17 14:20:16 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-12-17 14:13:45 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-17 14:13:45 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-17 14:13:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-17 14:13:45 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-17 14:13:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-17 13:39:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-17 13:39:52 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-17 13:32:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT 
[2012-12-17 13:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-17 13:32:31 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012-12-16 23:31:58 | 001,689,882 | -H-- | M] () -- C:\Users\Konrad\AppData\Local\IconCache.db [2012-12-16 10:09:51 | 000,000,218 | ---- | M] () -- C:\Users\Konrad\Desktop\Counter-Strike.url [2012-12-16 10:02:46 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2012-12-15 22:33:13 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2012-12-15 22:02:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012-12-15 21:56:07 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012-12-15 21:55:13 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012-12-15 21:54:55 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012-12-15 21:52:08 | 000,000,936 | ---- | M] () -- C:\Users\Konrad\Desktop\Evernote.lnk [2012-12-15 21:47:38 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-12-15 21:46:45 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-12-15 21:29:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-15 21:16:41 | 000,524,288 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012-12-15 21:16:41 | 000,524,288 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012-12-15 21:16:41 | 000,065,536 | -HS- | M] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012-12-15 21:08:04 | 000,057,560 | ---- | M] () -- C:\Users\Konrad\AppData\Local\GDIPFONTCACHEV1.DAT [2012-12-15 21:02:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-12-15 21:00:22 | 000,000,020 | -HS- | M] () 
-- C:\Users\Konrad\ntuser.ini [2012-12-15 20:57:46 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012-12-15 20:57:46 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012-12-15 20:54:57 | 000,274,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-17 19:40:37 | 000,001,131 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-12-17 14:20:16 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-12-16 17:04:26 | 000,027,040 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf [2012-12-16 17:04:26 | 000,008,820 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat [2012-12-16 10:09:51 | 000,000,218 | ---- | C] () -- C:\Users\Konrad\Desktop\Counter-Strike.url [2012-12-16 10:02:46 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2012-12-15 22:50:57 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk [2012-12-15 22:33:13 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk [2012-12-15 22:33:12 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk [2012-12-15 22:02:13 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012-12-15 21:56:07 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012-12-15 21:55:13 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012-12-15 21:52:08 | 000,000,936 | ---- | C] () -- C:\Users\Konrad\Desktop\Evernote.lnk [2012-12-15 21:47:38 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk [2012-12-15 21:46:45 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012-12-15 21:38:50 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012-12-15 21:29:38 | 000,001,113 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-15 21:16:40 | 001,689,882 | -H-- | C] () -- C:\Users\Konrad\AppData\Local\IconCache.db [2012-12-15 21:11:47 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-15 21:11:46 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-15 21:08:04 | 000,057,560 | ---- | C] () -- C:\Users\Konrad\AppData\Local\GDIPFONTCACHEV1.DAT [2012-12-15 21:02:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012-12-15 21:01:18 | 000,001,421 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012-12-15 21:01:11 | 000,001,455 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012-12-15 21:00:22 | 001,048,576 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT [2012-12-15 21:00:22 | 000,524,288 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012-12-15 21:00:22 | 000,524,288 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012-12-15 21:00:22 | 000,065,536 | -HS- | C] () -- C:\Users\Konrad\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012-12-15 21:00:22 | 000,000,020 | -HS- | C] () -- C:\Users\Konrad\ntuser.ini [2012-12-15 20:57:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012-12-15 20:57:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012-12-15 20:54:22 | 3220,627,456 | -HS- | C] () -- C:\hiberfil.sys [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-12-17 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\BitTorrent [2012-12-17 14:05:21 | 000,000,000 | ---D | M] -- 
C:\Users\Konrad\AppData\Roaming\DAEMON Tools Lite [2012-12-17 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Konrad\AppData\Roaming\GG [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2012-12-17 13:32:31 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012-12-17 13:32:38 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys [2012-12-17 21:23:42 | 000,012,190 | ---- | M] () -- C:\resolve.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft 
Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009-07-14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys [2009-07-14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012-09-29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2012-12-17 21:29:28 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Konrad\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = 
NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,01% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 47,73 Gb Free Space | 64,13% Space Free | Partition Type: NTFS Computer Name: KOMPUTER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{075EF319-632C-4F1C-A179-B6F111496581}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D1A5753-5C63-4342-A87C-1F664ABBF6AC}" = lport=139 | protocol=6 | dir=in | app=system | "{102F4268-5359-46BF-B409-4FA73C09E29D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27C279CB-728E-488B-9CC4-16712C130373}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{474D8308-B08E-49AF-8B6A-43AB776508B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{57383260-08A9-44EE-AB21-135581494E82}" = rport=10243 | protocol=6 | dir=out | app=system | "{593B80B5-FF25-471B-B2AD-690B68D57EAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DC88533-1834-4CB7-9FAC-45FA86282E6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7BB24C82-32A2-4DF5-B4D0-963E6A227F85}" = rport=137 | protocol=17 | dir=out | app=system | "{82BB589F-D0E1-45EB-A284-B5A3593D8E72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{832E3F95-FA6D-4C06-AD5F-F94D43EDA1C4}" = rport=445 | protocol=6 | dir=out | app=system | "{8432937F-2D1C-475C-AAF1-C10F5AE4AE0C}" = rport=138 | protocol=17 | dir=out | app=system | "{8BB9258E-D22C-46CB-8E85-ABD472DC0A61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A986D4AF-F487-4354-AA6A-8092D3F01A30}" = lport=137 | protocol=17 | dir=in | app=system | "{ACA5F90A-9592-47D6-B770-14192A9D58DE}" = rport=139 | protocol=6 | dir=out | app=system | "{B9C74C6F-863C-4551-91FA-C7224F7DF0E0}" = lport=10243 | protocol=6 | dir=in | app=system | "{BB5C7AF4-36ED-4B8D-B64E-242C70418522}" = lport=138 | protocol=17 | dir=in | app=system | "{BD6375BE-3EB4-4C51-B418-177E35E4B9B2}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE8F9660-2E38-4AD8-9A4F-42122CF98D3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D1925668-D159-4D62-81BB-077C8C72CE0A}" = lport=445 | protocol=6 | dir=in | app=system | "{FEB53D69-B592-4439-9EC0-3D4801282A9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10A74549-02E9-4FFA-A9B4-EE118B1A7472}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2D25F3D6-9B00-4548-A187-A1509E9B0003}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{40D30D63-CE10-4C8C-B86C-96CC16770134}" = protocol=6 | dir=out | app=system | "{47E1C642-D9B2-417D-B537-C4884699E991}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51F6BE78-F7B0-46B6-9CE2-102FCDB761F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6001A4E6-F532-4B76-9395-95527F2CB3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{896A2D28-DD85-4589-B637-C78A362C7CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8AD0AA77-FA5F-4B93-941E-2539CAF28244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EA9C992-485E-4E64-A984-5D586D54F9E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8FBD4BBD-9DD8-4EB5-998E-A7513D6FF8FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{90602F26-2B57-4426-91C3-05DEC81F893C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{91AFB85A-709D-4943-B638-740109EABAC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{935C7BBC-3A9D-46FA-84BC-183D8BE5C755}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{99622727-32D1-4D24-96D5-3010F993EC42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A12B9C54-D928-4F5F-A4C5-FF9F649112FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A1B28D0F-4A52-4627-A6CA-2B18832E7248}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A4E43F11-12E1-4B37-85AE-03ADE33F11D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AEBF5687-1231-4764-B84D-A7E4421B5616}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B1E09984-8986-42E7-B2F1-521AF07DC68A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C662EBF1-1AD3-4A0A-8602-E9898BDB130F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CC5D41DB-903C-42AE-9519-A621C122FF6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D7BCB93C-A1E2-498A-82B6-9DBAB4A3F169}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E134880A-8FC3-444A-9CC7-65C9D5007052}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{ED40176A-8A07-43F4-9ECA-00F7065A600D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F522F88E-0E44-4CAF-BDE4-B4B4B6B05E97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bongomp3\counter-strike\hl.exe | "{FA78C56B-AEA0-46E2-BD61-7F56CF45F40C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bongomp3\counter-strike\hl.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 306.97 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.21 "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver "{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "BitTorrent" = BitTorrent "DAEMON Tools Lite" = DAEMON Tools Lite "Google Chrome" = Google Chrome "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.65.1.1000 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 10" = Counter-Strike [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-12-15 17:15:51 | Computer Name = Komputer | Source = Application Hang | ID = 1002 Description = Program eurotrucks2.exe w wersji 1.1.41799.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: 8f4 Godzina rozpoczęcia: 01cddb0948257f50 Godzina zakończenia: 34 Ścieżka aplikacji: C:\Program Files (x86)\Euro Truck Simulator 2.v 1.1.1\bin\win_x86\eurotrucks2.exe Identyfikator raportu: Error - 2012-12-15 17:18:43 | Computer Name = Komputer | Source = Application Hang | ID = 1002 Description = Program eurotrucks2.exe w wersji 1.1.41799.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 604 Godzina rozpoczęcia: 01cddb09b73fd1b0 Godzina zakończenia: 42 Ścieżka aplikacji: C:\Program Files (x86)\Euro Truck Simulator 2.v 1.1.1\bin\win_x86\eurotrucks2.exe Identyfikator raportu: [ Media Center Events ] Error - 2012-12-15 17:38:12 | Computer Name = Komputer | Source = MCUpdate | ID = 0 Description = 22:38:12 - Nie można pobrać pakietu Directory (Błąd: Nie można połączyć się z serwerem zdalnym) [ System Events ] Error - 2012-12-16 04:58:50 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-16 11:58:27 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-16 17:10:28 | Computer Name = Komputer | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. 
Error - 2012-12-17 08:32:45 | Computer Name = Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error - 2012-12-17 10:41:28 | Computer Name = Komputer | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2. Error - 2012-12-17 10:41:29 | Computer Name = Komputer | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR2. Error - 2012-12-17 16:21:58 | Computer Name = Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Power Manager niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. < End of report > [/log]

Regards, please reply quickly because otherwise I won't be able to sleep peacefully.

PS. When I use the vaccine, this now keeps popping up: http://zapodaj.net/bf9e5e64b5dd0.png.html When I click yes/yes to all it carries on but does not repair it. Malwarebytes does not show any information about a virus, so I guess it's OK?
Guest, comment of 20 December 2012

Besides the vaccine, you can use the Dr.Web CureIt or Kaspersky Virus Removal Tool scanner just in case, and I did not see an active Jeefo in the log. You will find links to those scanners in the 2nd post after clicking on [url="http://pc-com.pl/topic/8-poradnik-infekcje-w-plikach-wykonywalnych/"]"[b][color=#FF0000]Jeefo[/color][/b]"[/url]