Kuba516 posted January 9, 2013 (edited)
Please check the logs:
OTL: [log]OTL logfile created on: 2013-01-09 18:41:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Pobrane 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,95 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,62% Memory free 15,90 Gb Paging File | 13,06 Gb Available in Paging File | 82,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,64 Gb Total Space | 44,97 Gb Free Space | 56,46% Space Free | Partition Type: NTFS Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 65,22 Gb Free Space | 33,39% Space Free | Partition Type: NTFS Drive G: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (All) ========== PRC - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Pobrane\OTL.exe PRC - [2013-01-09 17:54:31 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) 
-- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-12-06 15:08:57 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-12-06 15:08:57 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) -- E:\Programy\Skype\Phone\Skype.exe PRC - [2012-09-23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-07-25 15:13:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-07-25 15:12:24 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-07-25 15:11:22 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe PRC - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (All) ========== MOD - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Pobrane\OTL.exe MOD - [2013-01-09 17:54:31 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013-01-09 17:54:31 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-12-06 15:08:57 | 015,112,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2012-12-06 15:08:57 | 004,220,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2012-12-06 15:08:57 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012-12-06 15:08:57 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2012-12-06 15:08:57 | 000,810,976 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2012-12-06 15:08:57 | 000,638,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2012-12-06 15:08:57 | 000,370,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2012-12-06 15:08:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2012-12-06 15:08:57 | 000,258,528 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2012-12-06 15:08:57 | 000,172,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2012-12-06 15:08:57 | 000,155,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - 
[2012-12-06 15:08:57 | 000,145,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2012-12-06 15:08:57 | 000,124,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2012-12-06 15:08:57 | 000,096,224 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2012-12-06 15:08:57 | 000,092,640 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2012-12-06 15:08:57 | 000,091,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2012-12-06 15:08:57 | 000,021,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2012-12-06 15:08:57 | 000,020,960 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2012-12-06 15:08:57 | 000,019,424 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2012-12-06 15:08:57 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MOD - [2012-12-06 15:08:57 | 000,015,840 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2012-11-14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll MOD - [2012-11-14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012-11-14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll MOD - [2012-11-14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012-11-14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012-11-14 02:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2012-11-14 02:46:38 | 
001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) -- E:\Programy\Skype\Phone\Skype.exe MOD - [2012-10-11 02:04:04 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012-10-11 02:04:04 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012-10-09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2012-10-04 17:47:41 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2012-10-04 17:47:40 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2012-09-28 03:23:00 | 005,557,928 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdag.dll MOD - [2012-09-28 02:43:28 | 000,935,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2012-09-28 02:39:36 | 006,536,192 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2012-09-28 02:22:30 | 002,691,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdva.dll MOD - [2012-09-28 02:11:16 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2012-09-28 02:10:58 | 000,082,944 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiu9pag.dll MOD - [2012-08-24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2012-06-19 18:40:20 | 001,198,080 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\LIBEAY32.dll MOD - [2012-06-19 18:40:20 | 000,303,104 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll MOD - [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012-06-06 06:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll MOD - [2012-06-06 06:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll MOD - [2012-06-02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2012-06-02 05:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2012-06-02 05:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll MOD - [2012-06-02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2012-06-02 05:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll MOD - [2012-06-02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2012-05-25 03:42:00 | 000,699,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\ObjBrwse.dll MOD - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe MOD - [2012-05-21 12:43:10 | 001,274,880 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\WapSter\WapSter AQQ\LIBEAY32.DLL MOD - [2012-05-21 12:43:10 | 000,330,752 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\WapSter\WapSter AQQ\SSLEAY32.DLL MOD - 
[2012-05-20 19:49:11 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll MOD - [2012-05-20 19:48:51 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2012-05-20 19:47:19 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2012-05-20 19:46:18 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2012-05-20 19:45:32 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2012-05-20 19:40:55 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll MOD - [2012-05-20 19:39:09 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2012-05-20 19:39:09 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2012-05-20 19:38:49 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2012-05-20 19:38:07 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2012-05-20 19:38:07 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2012-05-20 19:38:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devrtl.dll MOD - [2012-05-20 19:33:35 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2012-05-20 19:31:55 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2012-05-20 19:30:50 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2012-05-20 19:26:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2012-05-05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2012-04-05 10:17:06 | 
001,618,440 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Common\AVKRes.dll MOD - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe MOD - [2012-02-02 18:27:54 | 002,843,136 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtCore4.dll MOD - [2012-02-02 18:27:44 | 000,276,480 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtSql4.dll MOD - [2012-02-02 18:27:34 | 001,289,728 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtNetwork4.dll MOD - [2012-02-02 18:27:08 | 010,135,040 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtGui4.dll MOD - [2012-02-02 18:26:54 | 000,527,360 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\sqldrivers\qsqlite4.dll MOD - [2012-02-02 18:26:52 | 000,288,256 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\imageformats\qjpeg4.dll MOD - [2012-02-02 18:26:52 | 000,043,008 | ---- | M] () -- E:\Programy\screenSHU\libgcc_s_dw2-1.dll MOD - [2012-02-02 18:26:52 | 000,011,362 | ---- | M] () -- E:\Programy\screenSHU\mingwm10.dll MOD - [2012-01-27 14:41:04 | 000,250,872 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll MOD - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe MOD - [2012-01-27 10:38:07 | 000,073,728 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll MOD - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe MOD - [2012-01-13 08:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\nlaapi.dll MOD - [2010-11-21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010-11-21 04:25:10 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll MOD - [2010-11-21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010-11-21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010-11-21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2010-11-21 04:24:32 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptui.dll MOD - [2010-11-21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010-11-21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010-11-21 04:24:28 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll MOD - [2010-11-21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010-11-21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010-11-21 04:24:23 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2010-11-21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010-11-21 04:24:16 | 001,171,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll MOD - [2010-11-21 04:24:16 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2010-11-21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010-11-21 04:24:16 | 000,269,824 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2010-11-21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010-11-21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010-11-21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010-11-21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2010-11-21 04:24:14 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msftedit.dll MOD - [2010-11-21 04:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010-11-21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010-11-21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010-11-21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010-11-21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2010-11-21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010-11-21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010-11-21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010-11-21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2010-11-21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2010-11-21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010-11-21 04:24:08 | 000,216,576 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010-11-21 04:24:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mapi32.dll MOD - [2010-11-21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010-11-21 04:24:03 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wer.dll MOD - [2010-11-21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010-11-21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010-11-21 04:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2010-11-21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010-11-21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010-11-21 04:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2010-11-21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010-11-21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010-11-21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010-11-21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2010-11-21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010-11-21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010-11-21 04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010-11-21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010-11-21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010-11-21 04:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2010-11-21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-08-18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MOD - [2009-07-14 02:17:54 | 000,249,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcryptprimitives.dll MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:16:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanapi.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanutil.dll MOD - [2009-07-14 02:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wevtapi.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - 
[2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 02:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009-07-14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009-07-14 02:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\netprofm.dll MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 02:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimtf.dll MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll MOD - [2009-07-14 02:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mpr.dll MOD - [2009-07-14 02:15:41 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Defender\MpOav.dll MOD - [2009-07-14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009-07-14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009-07-14 02:15:27 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icm32.dll MOD - [2009-07-14 02:15:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\idndl.dll MOD - [2009-07-14 02:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gpapi.dll MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009-07-14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 02:15:13 | 000,453,632 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009-07-14 02:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 02:15:13 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxva2.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsrole.dll MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009-07-14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll MOD - [2009-07-14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009-07-14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- 
| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:11:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\bcrypt.dll MOD - [2009-07-14 02:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\security.dll MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Services (SafeList) ========== SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012-06-19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-09 17:54:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-20 19:23:00 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-12-06 15:08:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012-11-15 02:40:58 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012-10-25 10:27:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012-10-19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Programy\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-09-23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-07-25 15:13:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-07-25 15:12:24 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-07-25 15:11:22 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G 
Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2012-05-25 04:11:06 | 001,766,976 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012-05-14 04:26:48 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012-01-27 05:01:08 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- E:\Programy\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-12-09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011-08-30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program 
Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:64bit: - [2012-10-27 11:12:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012-10-25 10:33:12 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012-10-24 21:53:07 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2012-10-24 21:53:03 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012-10-24 21:52:55 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012-10-24 21:52:55 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012-10-24 21:52:55 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012-10-24 21:52:54 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012-09-24 17:25:10 | 000,117,912 | ---- | M] (Qualcomm Atheros Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012-07-25 15:11:36 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012-05-20 19:46:58 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012-05-20 19:29:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012-05-20 19:29:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012-01-27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012-01-27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012-01-27 10:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012-01-18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011-11-02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008-08-14 13:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv) DRV - [2012-10-24 21:29:00 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{59B5EF52-1A08-44ac-A278-D89419214A9D}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{88302EF8-E6A1-49ba-B959-9A59E9A30F95}: "URL" = 
http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-06 15:08:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-12-06 15:08:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-24 21:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Extensions [2012-12-15 14:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\3hev22t6.default\extensions [2012-12-15 14:35:15 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\firefox\profiles\3hev22t6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-04 17:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-12-06 15:08:55 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013-01-04 17:00:54 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2012-12-06 15:08:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2012-10-11 03:58:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-10-11 03:58:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-10-11 03:58:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-11 03:58:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-11 03:58:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-11 03:58:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml Hosts file not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Driver Genius] File not found O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] "E:\Programy\LogMeIn Hamach\hamachi-2-ui.exe" --auto-start File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AlcoholAutomount] E:\Programy\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) 
O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [screenSHU] E:\Programy\screenSHU\screenSHU.exe () O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [Steam] E:\Gry\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B084D405-98AE-4C21-BFE5-B665FFE91326}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-23 10:19:35 | 001,747,800 | R--- | M] () - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2008-01-28 19:26:18 | 000,000,049 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell - "" = AutoRun O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2010-02-23 10:19:35 | 001,747,800 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus 
controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - 
Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group 
SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group 
SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers 
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ========== Files/Folders - Created Within 60 Days ========== [2013-01-05 15:35:33 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\FLT [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013-01-04 17:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2012-12-30 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012-12-28 15:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012-12-28 13:19:43 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\XRay Engine [2012-12-27 12:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012-12-27 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS [2012-12-25 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Hamachi [2012-12-25 18:16:15 | 000,021,832 | ---- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 02:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\3DMark 11 [2012-12-25 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\IsolatedStorage [2012-12-25 02:32:54 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Futuremark_Corporation [2012-12-25 02:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2012-12-25 02:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2012-12-25 02:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-12-23 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Serwer [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012-12-06 15:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012-12-02 16:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-12-02 14:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2012-11-29 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Apps [2012-11-24 16:00:49 | 000,000,000 | ---D | C] -- 
C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012-11-17 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Rockstar Games [2012-11-17 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Rockstar Games [2012-11-17 19:48:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012-11-17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012-11-17 19:42:01 | 000,000,000 | RH-D | C] -- C:\Users\Kuba\AppData\Roaming\SecuROM [2012-11-17 19:37:18 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012-11-17 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012-11-17 12:58:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\BioWare [2012-11-17 12:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II [2012-11-17 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2012-11-17 11:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\storage [2012-11-16 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Ubisoft Game Launcher [2012-11-16 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\SKIDROW [2012-11-16 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012-11-16 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012-11-16 16:46:13 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Skyrim [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\My Games [2012-11-16 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012-11-16 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\2K Games [2012-11-16 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012-11-16 08:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda [2012-11-16 08:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012-11-16 08:23:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Alcohol 120% [2012-11-15 02:38:20 | 000,040,712 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys ========== Files - Modified Within 60 Days ========== [2013-01-09 17:54:32 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-09 17:22:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-09 17:22:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-09 17:16:15 | 000,007,597 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2013-01-09 17:10:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-09 17:10:53 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2013-01-05 15:33:06 | 000,000,912 | ---- | M] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012-12-30 23:25:23 | 000,000,857 | ---- | M] () -- C:\Users\Kuba\Documents\ax_files.xml 
[2012-12-30 02:25:04 | 000,000,604 | ---- | M] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-28 23:53:13 | 004,295,168 | ---- | M] () -- C:\Users\Kuba\Desktop\hamachi.msi [2012-12-27 14:12:14 | 000,001,750 | ---- | M] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 12:50:55 | 000,000,629 | ---- | M] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-22 11:22:29 | 000,276,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-12-15 15:16:49 | 000,001,007 | ---- | M] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-15 11:15:32 | 000,581,642 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2012-12-09 16:50:10 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-09 16:50:10 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-09 16:50:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-09 16:50:10 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-09 16:50:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-02 14:28:24 | 000,000,639 | ---- | M] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-12-02 00:32:53 | 000,581,172 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-11-24 16:36:11 | 000,000,203 | ---- | 
M] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | M] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | M] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-22 21:37:36 | 000,885,503 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012-11-22 21:37:36 | 000,046,790 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012-11-18 17:06:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:37:18 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:15 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:49 | 000,001,158 | ---- | M] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) 
-- C:\Windows\SysNative\drivers\hssdrv6.sys ========== Files Created - No Company Name ========== [2013-01-05 15:33:06 | 000,000,912 | ---- | C] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012-12-30 02:25:04 | 000,000,604 | ---- | C] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-28 23:53:16 | 004,295,168 | ---- | C] () -- C:\Users\Kuba\Desktop\hamachi.msi [2012-12-27 14:12:11 | 000,001,750 | ---- | C] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 12:50:55 | 000,000,629 | ---- | C] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-15 15:16:49 | 000,001,007 | ---- | C] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-02 14:28:24 | 000,000,639 | ---- | C] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-11-24 16:36:11 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | C] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-18 17:06:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:47:16 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012-11-17 19:35:15 | 000,000,937 | ---- | C] () -- 
C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:52 | 000,001,158 | ---- | C] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-16 07:04:23 | 000,007,597 | ---- | C] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2012-11-14 20:30:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-14 20:25:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-10-25 12:29:28 | 000,581,642 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2012-10-25 12:29:28 | 000,581,172 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-10-25 10:27:07 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2012-10-25 10:27:07 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2012-10-25 10:27:06 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-10-25 10:27:06 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-10-25 08:58:49 | 000,885,503 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012-10-24 21:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-10-24 21:40:55 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-10-24 21:40:55 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-10-24 21:40:55 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012-10-24 21:24:52 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012-10-24 21:18:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011-12-08 15:14:58 | 
000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-12-24 15:35:03 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.minecraft [2013-01-04 22:58:56 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.techniclauncher [2012-10-30 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Easeware [2012-12-01 19:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\EurekaLog [2012-10-27 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\FileZilla [2013-01-04 22:58:49 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\logs [2012-10-27 10:25:35 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Notepad++ [2012-10-25 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Splashtop [2012-10-25 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Teeworlds [2013-01-07 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\TS3Client [2012-11-16 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-12-28 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\XRay Engine ========== Purity Check ========== ========== Custom Scans ========== < %systemdrive%\*.* > [2012-10-24 21:24:58 | 000,000,180 | ---- | M] () -- C:\csb.log [2013-01-09 17:10:53 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2012-10-24 21:22:19 | 000,000,206 | ---- | M] () -- C:\Install.log [2013-01-09 17:10:54 | 4240,015,359 | -HS- | M] () -- C:\pagefile.sys [2012-10-24 21:22:19 | 000,003,235 | ---- | M] () -- C:\RHDSetup.log < MD5 for: AGP440.SYS > [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: BEEP.SYS > [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys < MD5 for: CDROM.SYS > [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys < MD5 for: NDIS.SYS > [2012-08-22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) 
MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys [2010-11-21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys < MD5 for: WINLOGON.EXE > [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < End of report > [/log] [log]OTL Extras logfile created on: 2013-01-09 18:41:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Pobrane 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,95 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,62% Memory free 15,90 Gb Paging File | 13,06 Gb Available in Paging File | 82,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,64 Gb Total Space | 44,97 Gb Free Space | 56,46% Space Free | Partition Type: NTFS Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: NTFS 
Drive E: | 195,31 Gb Total Space | 65,22 Gb Free Space | 33,39% Space Free | Partition Type: NTFS Drive G: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3687210550-4096669916-69700731-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0402F9F3-436E-469A-A985-044B3AD38A88}" = lport=139 | protocol=6 | dir=in | app=system | "{0C469EA9-3F5D-4194-ACAA-415E1D4246FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B2C321A-2466-4EBA-AAC2-7DC7EF30E69C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1BA37879-583C-4F10-8B30-0ED6F74AAC7B}" = rport=445 | protocol=6 | dir=out | app=system | "{27D14CF6-52E1-490A-B398-AD4F18227262}" = lport=10243 | protocol=6 | dir=in | app=system | "{3FF1312F-B611-46D0-86A9-93C7407A95AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{41C5074B-6F52-4445-BDE8-3EFB8989A4A3}" = rport=139 | protocol=6 | dir=out | app=system | "{4BA28922-FBB2-4345-9CA8-A68BD3DC5DB6}" = rport=137 | protocol=17 | dir=out | app=system | "{4BF9BAA8-F400-46BA-A256-D484498F74DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E6A3C61-95C6-4806-95CF-D1206CBEB9B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DADFA2D-B035-4B32-AF19-C29DC4AF812A}" = lport=138 | protocol=17 | dir=in | app=system | "{7FD0CBF1-369C-4135-ACAC-44DB052FC8E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{865C67CD-98B9-4C2B-ACD9-CF44AFC4F596}" = rport=138 | protocol=17 | dir=out | app=system | "{8D5391BC-2405-4137-B723-45247A652815}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F618A4B-4561-42BE-83CF-0DF107DC6772}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9E568D1A-78EF-47A2-AA77-4448FC58EC62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A24C93E1-AE30-42D7-ABBE-C2C6180071E0}" = rport=10243 | protocol=6 | dir=out | app=system | "{A3731A21-3569-45AB-89AB-28C0332CD29C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AC205059-5EFD-4819-A5A0-ED84991D9030}" = lport=2869 | protocol=6 | dir=in | app=system | "{B2FC61DB-40F6-43C7-99ED-ACED5A27FC96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC167094-9E5C-41D3-AC79-FC3FE4051A9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5B9255A-BF3E-4C56-AB0A-6F414554BF7A}" = lport=445 | protocol=6 | dir=in | app=system | "{E6162F77-C333-4460-B232-B6D815DE47E3}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AC3F0C-8246-4E43-BCDB-A30F44F85CF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{01E5BD26-6276-43AE-AC80-190B9781B892}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{06CA03F5-6AC7-41F8-9F9C-294F0DB51372}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{0B32CB88-BE07-4EC0-B543-720A7FD07CBD}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{0E4565EB-D503-4EA8-A7A1-36ADC0DBF883}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | "{1239F75E-211A-49AF-8082-F4679C5B344C}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{1BA64C07-A51E-48A0-B570-5869DB2E120A}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{1E765833-4DC6-458A-965F-0411C7B69586}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{1FFA03F5-35BA-4AE3-BC7C-B6F45996BD57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{27D675BA-4A82-427C-BF77-B9CB3A67A965}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{35B8646E-BF12-45A3-A004-A7F0E3F38615}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3967E8AB-8FB4-4CAE-92A6-302EB6651472}" = protocol=6 | dir=out | app=system | "{40EA44BE-7873-40D7-AE37-564A8B49ED8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{48151639-81D2-4485-801F-31F69F505E11}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{4893FC5A-DD90-4A00-8F96-56C98CF402F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4E5E6FBD-1CD1-405A-92C0-F25A9FEF9456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59C803F8-936D-44EC-BCEB-5F2F3CAC73B9}" = protocol=6 | dir=in | app=e:\gry\steam\steam.exe | "{60D104FD-8A76-4ECA-8844-DDEE317F6C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{668530D9-8923-4A27-A6A5-D0A96880B468}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{68FA6A6B-4437-431F-B217-35C56E548AC1}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{73BFD577-7C1F-4E63-BF3F-89C2CF6EE9AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A36A72-C4E4-4850-92C6-7317EA5C681D}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{891A1DB5-0D7B-488A-B0DA-C996F9D66310}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\xrengine.exe | "{8CD9E530-8569-4B5C-BD49-39B22FE142C8}" = protocol=6 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{8EA2CC40-1705-45C1-BA36-B0752078912A}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{96F80B77-7148-46C2-A17B-7D777CF9F7C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{9FE8FCEA-219A-4CEC-B3B5-07B7CCED103E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A47B11F4-D2F7-4501-904B-2DBD61174C85}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{A48BECCF-CB18-42DA-9CF0-4903F65C2404}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{A74120AC-D850-4FEC-9D1D-B20B9BF65727}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7C74232-6C75-4B99-8962-E0B920CCF20D}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{AD59D626-D43F-45DF-B674-DF5EA8DDB124}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE4C480D-827D-4BB8-9550-6DE602EAEC72}" = dir=in | app=e:\programy\skype\phone\skype.exe | "{B4D65F48-3DB8-4FF1-8773-5D4B286705C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7F618AB-AF27-45E3-A20C-7662799FEE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA0FA441-E99A-4421-B21F-A46DEF06F86C}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | "{C51CAD0E-2141-4686-9373-E0E6C9DE0148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CE96531A-66A5-4864-B9B7-D99964CC9B04}" = protocol=17 | dir=in | app=e:\gry\steam\steam.exe | "{D5D97ADE-0579-4AA8-87D3-A1F6D8635C10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D6A3FB9D-9469-470E-B1AD-92FFB58D10FB}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{D753B1BA-5A12-4AF8-BD93-5E87BEA80565}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDBD42A6-1C20-4838-88CA-DECB97300E6B}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{DF96CB38-2749-432E-8AE6-3E3874EF2C12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E3F15E8A-B34E-4B9F-8259-69BD5F3C9A16}" = protocol=17 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{E44F8A62-4C38-4596-818D-418EFCAE6896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5E2E4B3-7C16-49C3-B060-2C806C799DDE}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding 
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV 
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73F9192E-A60B-47BA-809A-AE07AF507EA7}" = S.T.A.L.K.E.R. - Shadow of Chernobyl "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013 "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech 
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AQQ" = WapSter AQQ "AudioCS" = Creative Audio Control Panel "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps (remove only) "HD Tune_is1" = HD Tune 2.55 "Host OpenAL" = Host OpenAL "HotspotShield" = Hotspot Shield 2.78 "Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0 "Mafia II_is1" = Mafia II "Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OCCT" = OCCT 4.3.2 "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "screenSHU" = screenSHU - the fastest screen capture ever. 
"SpeedFan" = SpeedFan (remove only) "Steam App 10" = Counter-Strike "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-01-06 04:56:10 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2013-01-06 14:03:26 | Computer Name = Kuba-Komputer | Source = Windows Backup | ID = 4104 Description = Error - 2013-01-07 11:05:47 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID = 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) nie powiodła się Kod błędu: 1 Error - 2013-01-07 11:07:15 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2013-01-07 16:13:38 | Computer Name = Kuba-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. Error - 2013-01-08 11:15:29 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID = 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) nie powiodła się Kod błędu: 1 Error - 2013-01-08 11:16:56 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2013-01-08 12:38:01 | Computer Name = Kuba-Komputer | Source = SideBySide | ID = 16842815 Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu "language" elementu "assemblyIdentity" jest nieprawidłowa. 
Error - 2013-01-09 12:11:16 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID = 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) nie powiodła się Kod błędu: 1 Error - 2013-01-09 12:12:48 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2013-01-09 12:11:50 | Computer Name = Kuba-Komputer | Source = DCOM | ID = 10005 Description = Error - 2013-01-09 12:13:38 | Computer Name = Kuba-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-01-09 12:14:10 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-09 12:14:10 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-09 12:14:10 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-09 12:14:08 | Computer Name = Kuba-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. Error - 2013-01-09 12:14:13 | Computer Name = Kuba-Komputer | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Wystąpił błąd podczas próby odczytu lokalnego pliku hosts. 
Error - 2013-01-09 12:14:37 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-09 12:14:37 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-09 12:14:37 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > [/log] RSIT: [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Kuba at 2013-01-09 20:01:06 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 46 GB (56%) free of 82 GB Total RAM: 8140 MB (72% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:01:09, on 2013-01-09 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe E:\Programy\screenSHU\screenSHU.exe E:\Programy\Skype\Phone\Skype.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe E:\Pobrane\RSIT-1.06.exe C:\Program Files (x86)\trend micro\Kuba.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G 
Data\TotalProtection\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Programy\LogMeIn Hamach\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe O4 - HKCU\..\Run: [Steam] "E:\Gry\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Programy\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [screenSHU] "E:\Programy\screenSHU\screenSHU.exe" --hidden O4 - HKCU\..\Run: [Skype] "E:\Programy\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing) O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe O23 - Service: G Data Strażnik systemu plików (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - E:\Programy\Alcohol 120\AxAutoMntSrv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe O23 - Service: G 
Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - E:\Programy\LogMeIn Hamach\hamachi-2.exe (file missing) O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - 
C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Programy\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: G Data TopSecret Service (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12212 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-25 449512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}] G Data BankGuard - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll [2012-01-27 52728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-25 155384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2012-11-08 233288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EEE6C35B-6118-11DC-9C72-001320C79847} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2012-07-25 133440] "USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-27 291608] "G Data AntiVirus Tray Application"=C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [2012-05-24 985624] "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2012-01-27 1470968] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] "Driver Genius"= [] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-09-28 642728] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896] "LogMeIn Hamachi Ui"=E:\Programy\LogMeIn Hamach\hamachi-2-ui.exe --auto-start [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AQQ"=C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe [2012-12-31 8866816] "Steam"=E:\Gry\Steam\Steam.exe [2012-12-03 1354736] "AlcoholAutomount"=E:\Programy\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624] "screenSHU"=E:\Programy\screenSHU\screenSHU.exe [2012-04-03 2121216] "Skype"=E:\Programy\Skype\Phone\Skype.exe [2012-10-19 17875120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2013-01-09 20:01:06 ----D---- C:\rsit 2013-01-04 17:01:16 ----D---- C:\ProgramData\Hotspot Shield 2013-01-04 17:00:54 ----D---- C:\Program Files (x86)\Hotspot Shield 2012-12-28 15:39:41 ----D---- C:\Program Files (x86)\trend micro 2012-12-28 13:19:43 ----D---- C:\Users\Kuba\AppData\Roaming\XRay Engine 2012-12-25 18:16:57 ----D---- C:\Users\Kuba\AppData\Roaming\Hamachi 2012-12-25 02:31:06 ----D---- C:\Program Files (x86)\Futuremark 2012-12-22 17:15:19 ----D---- C:\ProgramData\Electronic Arts 2012-12-22 17:15:19 ----D---- C:\ProgramData\EA Core 2012-12-22 00:39:02 ----A---- C:\Windows\SysWOW64\atmlib.dll 2012-12-22 00:39:01 ----A---- C:\Windows\SysWOW64\atmfd.dll 2012-12-15 15:16:48 ----D---- C:\Program Files (x86)\SpeedFan 2012-12-13 17:45:20 ----A---- C:\Windows\SysWOW64\mshtmled.dll 2012-12-13 17:45:19 ----A---- 
C:\Windows\SysWOW64\vbscript.dll 2012-12-13 17:45:19 ----A---- C:\Windows\SysWOW64\urlmon.dll 2012-12-13 17:45:19 ----A---- C:\Windows\SysWOW64\url.dll 2012-12-13 17:45:19 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2012-12-13 17:45:19 ----A---- C:\Windows\SysWOW64\ieui.dll 2012-12-13 17:45:18 ----A---- C:\Windows\SysWOW64\wininet.dll 2012-12-13 17:45:18 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2012-12-13 17:45:17 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2012-12-13 17:45:17 ----A---- C:\Windows\SysWOW64\jscript9.dll 2012-12-13 17:45:17 ----A---- C:\Windows\SysWOW64\jscript.dll 2012-12-13 17:45:17 ----A---- C:\Windows\SysWOW64\iertutil.dll 2012-12-13 17:45:15 ----A---- C:\Windows\SysWOW64\mshtml.dll 2012-12-13 17:45:14 ----A---- C:\Windows\SysWOW64\ieframe.dll 2012-12-13 16:14:53 ----A---- C:\Windows\SysWOW64\tzres.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- 
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-12-13 16:14:43 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\wow32.dll 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\setup16.exe 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\KernelBase.dll 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\kernel32.dll 2012-12-13 16:14:43 ----A---- C:\Windows\SysWOW64\instnm.exe 2012-12-13 16:14:42 ----A---- C:\Windows\SysWOW64\user.exe 2012-12-13 16:14:35 ----A---- C:\Windows\SysWOW64\dpnet.dll ======List of files/folders modified in the last 1 months====== 2013-01-09 20:01:09 ----D---- C:\Windows\Temp 2013-01-09 19:27:14 ----D---- C:\Users\Kuba\AppData\Roaming\Skype 2013-01-09 17:54:33 ----D---- C:\Windows\SysWOW64 
2013-01-09 17:54:31 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-09 17:21:01 ----D---- C:\Windows\winsxs 2013-01-09 17:13:34 ----A---- C:\Windows\SysWOW64\log.txt 2013-01-09 17:13:30 ----D---- C:\Windows\inf 2013-01-08 17:09:04 ----SHD---- C:\System Volume Information 2013-01-08 16:15:10 ----D---- C:\Windows 2013-01-07 22:17:55 ----D---- C:\Windows\Logs 2013-01-07 20:55:32 ----D---- C:\Users\Kuba\AppData\Roaming\TS3Client 2013-01-05 15:32:49 ----SHD---- C:\Windows\Installer 2013-01-04 22:58:56 ----D---- C:\Users\Kuba\AppData\Roaming\.techniclauncher 2013-01-04 22:58:49 ----D---- C:\Users\Kuba\AppData\Roaming\logs 2013-01-04 17:01:47 ----SD---- C:\ProgramData\Microsoft 2013-01-04 17:01:16 ----HD---- C:\ProgramData 2013-01-04 17:00:54 ----RD---- C:\Program Files (x86) 2012-12-28 23:28:37 ----D---- C:\Windows\System32 2012-12-28 15:16:56 ----SHD---- C:\$Recycle.Bin 2012-12-27 13:03:41 ----RSD---- C:\Windows\assembly 2012-12-25 13:12:49 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft 2012-12-25 12:50:47 ----D---- C:\Windows\SysWOW64\directx 2012-12-25 02:31:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2012-12-24 15:42:05 ----RD---- C:\Users 2012-12-24 15:35:03 ----D---- C:\Users\Kuba\AppData\Roaming\.minecraft 2012-12-21 00:49:50 ----D---- C:\Program Files (x86)\Common Files\Steam 2012-12-16 00:49:19 ----D---- C:\Windows\debug 2012-12-15 19:52:37 ----D---- C:\Windows\SoftwareDistribution 2012-12-14 20:32:04 ----D---- C:\Windows\rescache 2012-12-13 19:08:29 ----D---- C:\Windows\SysWOW64\pl-PL 2012-12-13 19:08:27 ----D---- C:\Windows\SysWOW64\migration 2012-12-13 19:08:27 ----D---- C:\Windows\AppPatch 2012-12-13 19:08:27 ----D---- C:\Program Files (x86)\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [] R0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0; 
C:\Windows\system32\DRIVERS\iusb3hcs.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R0 TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [] R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [] R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [] R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [] R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [] R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [] R3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [] R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [] R3 taphss6;Anchorfree HSS VPN Adapter; 
C:\Windows\system32\DRIVERS\taphss6.sys [] S1 GLogin;GLogin; C:\Windows\SysWOW64\drivers\GLogin.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [] S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [] S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-10-24 30528] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [] S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [] S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G 
Data\AVKProxy\AVKProxy.exe [2012-05-25 1540120] R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472] R2 AVKWCtl;G Data Strażnik systemu plików; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-01-27 2006872] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720] R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-05-25 1618456] R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728] R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [2012-11-16 443760] R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488] R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632] R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-25 166720] R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-25 277824] R2 StarWindServiceAE;StarWind AE Service; E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 TSNxGService;G Data TopSecret Service; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2010-01-26 304712] R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-25 365376] R2 wlidsvc;Windows Live ID Sign-in Assistant; 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568] R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-05-25 1766976] R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; E:\Programy\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; E:\Programy\LogMeIn Hamach\hamachi-2.exe -s [] S2 SkypeUpdate;Skype Updater; E:\Programy\Skype\Updater\Updater.exe [2012-10-19 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400] S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-25 79360] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-05-14 1218552] S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2012-11-15 78072] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller 
Service\ICCProxy.exe [2011-08-30 160256] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-06 115168] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-12-20 541760] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log] [log]info.txt logfile of random's system information tool 1.08 2013-01-09 20:01:10 ======Uninstall list====== -->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation 
Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove 3DMark 11-->"C:\Program Files (x86)\InstallShield Installation Information\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}\setup.exe" -runfromtemp -l0x0409 -removeonly Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -maintain plugin Adobe Reader XI-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001} Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly Catalyst Control Center - Branding-->MsiExec.exe /I{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1} Counter-Strike-->"E:\Gry\Steam\steam.exe" steam://uninstall/10 Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove Dota 2-->"E:\Gry\Steam\steam.exe" steam://uninstall/570 Dragon Age II-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age 2.exe" Driver Genius Professional Edition-->"E:\Programy\DriverGenius\unins000.exe" EVEREST Ultimate Edition v5.50-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe" FileZilla Client 3.5.3-->E:\Programy\FileZilla FTP Client\uninstall.exe Fraps (remove only)-->"E:\Programy\Fraps\uninstall.exe" Futuremark SystemInfo-->"C:\Program Files (x86)\InstallShield Installation 
Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0409 -removeonly G Data TotalProtection 2013-->MsiExec.exe /I{CE6217F3-6072-40E2-9157-A4695C334F8E} Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly Grand Theft Auto IV-->MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301} HD Tune 2.55-->"E:\Programy\HD Tune\unins000.exe" Host OpenAL-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove Hotspot Shield 2.78-->C:\Program Files (x86)\Hotspot Shield\Uninstall.exe Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall Internet Explorer Toolbar 4.6 by SweetPacks-->MsiExec.exe /X{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF} JDownloader 0.9-->E:\Programy\JDownloader\JDUninstall.exe LogMeIn Hamachi-->MsiExec.exe /I{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52} Łatka polonizacyjna GTA IV v1.0-->"E:\Gry\Rockstar Games\Grand Theft Auto IV\Spolszczenie\Deinstalator.exe" Mafia II-->"E:\Gry\Mafia II\unins000.exe" Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F} Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Mozilla Firefox 17.0.1 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" Notepad++-->E:\Programy\Notepad++\uninstall.exe NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA} OCCT 4.3.2-->E:\Programy\OCCTPT\uninst.exe ON_OFF Charge B11.1102.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\LSetup.Exe" -removeonly Resource Hacker Version 3.6.0-->"E:\Programy\Resource Hacker\unins000.exe" S.T.A.L.K.E.R. - Clear Sky-->"E:\Gry\S.T.A.L.K.E.R. - Clear Sky\unins000.exe" S.T.A.L.K.E.R. 
- Shadow of Chernobyl-->C:\Program Files (x86)\InstallShield Installation Information\{73F9192E-A60B-47BA-809A-AE07AF507EA7}\setup.exe -runfromtemp -l0x0015 -removeonly screenSHU - the fastest screen capture ever.-->"E:\Programy\screenSHU\uninstall.exe" Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053} SpeedFan (remove only)-->"C:\Program Files 
(x86)\SpeedFan\uninstall.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Team Fortress 2-->"E:\Gry\Steam\steam.exe" steam://uninstall/440 The Elder Scrolls V - Skyrim-->"E:\Gry\The Elder Scrolls V - Skyrim\unins000.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client WapSter AQQ-->C:\Program Files (x86)\WapSter\WapSter AQQ\uninstall.exe Hosts File Missing ======System event log====== Computer Name: 37L4247F27-25 Event Code: 7036 Message: Usługa Windows Event Log weszła w stan stopped. Record Number: 5 Source Name: Service Control Manager Time Written: 20101121035831.093172-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 7036 Message: Usługa Diagnostic Policy Service weszła w stan stopped. Record Number: 4 Source Name: Service Control Manager Time Written: 20101121035831.093172-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 3 Source Name: EventLog Time Written: 20121024014155.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 6009 Message: Microsoft (R) Windows (R) 6.01. 7601 Service Pack 1 Multiprocessor Free. 
Record Number: 2 Source Name: EventLog Time Written: 20121024014155.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 6011 Message: Nazwa NetBIOS i nazwa hosta DNS tego komputera zostały zmienione z 37L4247F27-25 na WIN-K7J0D1T7T00. Record Number: 1 Source Name: EventLog Time Written: 20121024014155.000000-000 Event Type: Informacje User: =====Application event log===== Computer Name: 37L4247F27-25 Event Code: 5617 Message: Windows Management Instrumentation Service subsystems initialized successfully Record Number: 5 Source Name: Microsoft-Windows-WMI Time Written: 20121024014209.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 5615 Message: Windows Management Instrumentation Service started sucessfully Record Number: 4 Source Name: Microsoft-Windows-WMI Time Written: 20121024014204.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 4625 Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20121024014157.000000-000 Event Type: Informacje User: Computer Name: 37L4247F27-25 Event Code: 1531 Message: Usługa profilów użytkowników została uruchomiona pomyślnie. Record Number: 2 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20121024014156.924916-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: 37L4247F27-25 Event Code: 1532 Message: Usługa profilów użytkowników została zatrzymana. 
Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20101121035831.124372-000 Event Type: Informacje User: ZARZĄDZANIE NT\SYSTEM =====Security event log===== Computer Name: 37L4247F27-25 Event Code: 4735 Message: Zmieniono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247F27-25$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Zmienione atrybuty: Nazwa konta SAM: - Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121024014132.900874-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4731 Message: Utworzono grupę lokalną z włączonymi zabezpieczeniami. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: 37L4247F27-25$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Nowa grupa: Identyfikator zabezpieczeń: S-1-5-32-551 Nazwa grupy: Operatorzy kopii zapasowych Domena grupy: Builtin Atrybuty: Nazwa konta SAM: Operatorzy kopii zapasowych Historia identyfikatora SID: - Informacje dodatkowe: Uprawnienia: - Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121024014132.869674-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4902 Message: Utworzono tabelę zasad inspekcji użytkownika. Liczba elementów: 0 Identyfikator zasad: 0x32f20 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121024014132.526473-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. 
Podmiot: Identyfikator zabezpieczeń: S-1-0-0 Nazwa konta: - Domena konta: - Identyfikator logowania: 0x0 Typ logowania: 0 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x3e7 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x4 Nazwa procesu: Informacje o sieci: Nazwa stacji roboczej: - Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: - Pakiet uwierzytelniania: - Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. 
Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121024014129.609268-000 Event Type: Sukcesy inspekcji User: Computer Name: 37L4247F27-25 Event Code: 4608 Message: Trwa uruchamianie systemu Windows. To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20121024014129.484468-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=3a09 "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 "AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\ -----------------EOF----------------- [/log]

Thank you in advance, and regards :)
Natsuki Kuga commented on 10 January 2013

1. Paste into OTL:

[spoiler]
:OTL
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.sweeti...ch.asp?src=2&q="
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Genius"=-

:Commands
[resethosts]
[emptytemp]
[/spoiler]

Run the script and show the report.

2. Use AdwCleaner with the Delete option. Show the report.
Kuba516 (author) commented on 13 January 2013

OTL log:

[log]
All processes killed
========== OTL ==========
Prefs.js: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 removed from extensions.enabledAddons
Prefs.js: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 removed from extensions.enabledAddons
Prefs.js: "http://search.sweeti...h.asp?src=2&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Genius deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gość
->Temp folder emptied: 50826 bytes
->Temporary Internet Files folder emptied: 38417 bytes

User: Kuba
->Temp folder emptied: 156683 bytes
->Temporary Internet Files folder emptied: 1799281 bytes
->Java cache emptied: 43743 bytes
->FireFox cache emptied: 451157318 bytes
->Flash cache emptied: 2220 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3842330 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67965 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 436,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_162506 Files\Folders moved on Reboot... C:\Users\Kuba\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\JETBE3F.tmp moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... [/log] Raport z AdwCleaner'a : [log]# AdwCleaner v2.105 - Log utworzony 10/01/2013 o 16:38:25 # Aktualizacja 08/01/2013 przez Xplode # System operacyjny : Windows 7 Ultimate Service Pack 1 (64 bits) # Użytkownik : Kuba - KUBA-KOMPUTER # Tryb uruchomienia : Normalny # Ścieżka : E:\Pobrane\adwcleaner_www.INSTALKI.pl.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Folder Usunięto : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\APN PIP Klucz Usunięto : HKCU\Software\InstallCore Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKCU\Software\SweetIM Klucz Usunięto : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\Software\PIP Klucz Usunięto : HKLM\Software\SweetIM Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Rejestr w porządku. -\\ Mozilla Firefox v17.0.1 (pl) Plik : C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\3hev22t6.default\prefs.js [OK] Plik w porządku. ************************* AdwCleaner[S2].txt - [2846 octets] - [10/01/2013 16:38:25] ########## EOF - C:\AdwCleaner[S2].txt - [2906 octets] ########## [/log] Odswiezam + nie wiem czy nie powinienem dać nowych logów, gdyz w procesach pojawil mi sie proces o nazwie 'doaw' z opisem 'Напоминания Windows OOBE', plik doaw znajdowal sie w C:\Users\Kuba\AppData\Roaming\Ygorom . 
Here are the new logs. OTL:

[log]
OTL logfile created on: 2013-01-13 11:17:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Desktop\OTL & RSIT
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,95 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 74,73% Memory free
15,90 Gb Paging File | 13,24 Gb Available in Paging File | 83,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,64 Gb Total Space | 43,18 Gb Free Space | 54,22% Space Free | Partition Type: NTFS
Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 68,94 Gb Free Space | 35,30% Space Free | Partition Type: NTFS

Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2013-01-11 13:17:32 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-01-11 13:17:31 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL & RSIT\OTL.exe
PRC - [2013-01-09 17:54:31 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) 
-- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-12-20 19:23:00 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-12-03 20:19:31 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.exe PRC - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012-10-22 14:23:04 | 000,364,832 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-10-22 14:23:02 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) -- E:\Programy\Skype\Phone\Skype.exe PRC - [2012-08-23 17:16:22 | 000,165,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe PRC - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009-07-14 02:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dllhost.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2013-01-11 13:17:32 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-01-11 13:17:32 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program 
Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013-01-11 13:17:32 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013-01-11 13:17:32 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013-01-11 13:17:32 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013-01-11 13:17:32 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013-01-11 13:17:32 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013-01-11 13:17:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013-01-11 13:17:32 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013-01-11 13:17:32 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013-01-11 13:17:32 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013-01-11 13:17:32 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013-01-11 13:17:32 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013-01-11 13:17:31 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013-01-11 13:17:31 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013-01-11 13:17:31 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll MOD - [2013-01-11 13:17:31 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013-01-11 13:17:31 | 
000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013-01-11 13:17:31 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013-01-11 13:17:31 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2013-01-11 13:17:31 | 000,017,456 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MOD - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL & RSIT\OTL.exe MOD - [2013-01-09 17:54:31 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013-01-09 17:54:31 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) 
-- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-12-20 19:23:13 | 000,647,168 | ---- | M] () -- E:\Gry\Steam\sdl.dll MOD - [2012-12-20 19:23:09 | 000,282,176 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\crashhandler.dll MOD - [2012-12-20 19:23:06 | 007,020,608 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\steamclient.dll MOD - [2012-12-20 19:23:06 | 000,242,240 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\tier0_s.dll MOD - [2012-12-20 19:23:06 | 000,214,080 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\vstdlib_s.dll MOD - [2012-12-20 19:23:04 | 000,122,864 | ---- | M] (Valve) -- E:\Gry\Steam\CSERHelper.dll MOD - [2012-12-20 19:23:00 | 000,673,344 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\bin\vgui2_s.dll MOD - [2012-12-20 19:22:59 | 001,782,336 | ---- | M] (Valve Corporation) -- e:\Gry\Steam\bin\ServerBrowser.dll MOD - [2012-12-20 19:22:58 | 020,320,240 | ---- | M] () -- E:\Gry\Steam\bin\libcef.dll MOD - [2012-12-20 19:22:56 | 009,955,112 | ---- | M] (The ICU Project) -- E:\Gry\Steam\bin\icudt.dll MOD - [2012-12-20 19:22:56 | 002,378,304 | ---- | M] (Valve Corporation) -- e:\Gry\Steam\bin\friendsUI.dll MOD - [2012-12-20 19:22:56 | 000,969,280 | ---- | M] () -- E:\Gry\Steam\bin\chromehtml.dll MOD - [2012-12-20 19:22:56 | 000,170,048 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\bin\FileSystem_Steam.dll MOD - [2012-12-20 19:22:54 | 000,124,416 | ---- | M] () -- E:\Gry\Steam\bin\avutil-51.dll MOD - [2012-12-20 19:22:52 | 000,192,000 | ---- | M] () -- E:\Gry\Steam\bin\avformat-53.dll MOD - [2012-12-20 19:22:50 | 001,100,800 | ---- | M] () -- E:\Gry\Steam\bin\avcodec-53.dll MOD - [2012-12-20 19:22:49 | 002,895,424 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.dll 
MOD - [2012-12-20 19:22:47 | 008,192,576 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\SteamUI.dll MOD - [2012-12-20 19:22:47 | 001,039,192 | ---- | M] (Microsoft Corporation) -- E:\Gry\Steam\dbghelp.dll MOD - [2012-12-07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll MOD - [2012-12-03 20:19:31 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.exe MOD - [2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2012-11-30 05:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2012-11-22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2012-11-14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll MOD - [2012-11-14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012-11-14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll MOD - [2012-11-14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012-11-14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012-11-14 02:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2012-11-14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012-11-06 17:08:40 | 005,628,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdag.dll MOD - [2012-11-06 16:29:34 | 000,959,488 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2012-11-06 16:25:44 | 006,669,824 | ---- | M] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2012-11-06 16:05:34 | 004,162,048 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdva.dll MOD - [2012-11-06 15:54:52 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2012-11-06 15:54:38 | 000,083,968 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiu9pag.dll MOD - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) -- E:\Programy\Skype\Phone\Skype.exe MOD - [2012-10-11 02:04:04 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012-10-11 02:04:04 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012-10-09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2012-08-24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012-07-27 10:26:30 | 001,198,080 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\LIBEAY32.dll MOD - [2012-07-27 10:26:30 | 000,303,104 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll MOD - [2012-07-04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll MOD - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012-06-02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2012-06-02 05:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll MOD - [2012-06-02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2012-06-02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2012-05-31 11:29:22 | 000,405,032 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKScanJobC.dll MOD - [2012-05-25 03:42:00 | 000,699,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\ObjBrwse.dll MOD - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe MOD - [2012-05-21 12:43:10 | 001,274,880 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\WapSter\WapSter AQQ\LIBEAY32.DLL MOD - [2012-05-21 12:43:10 | 000,330,752 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\WapSter\WapSter AQQ\SSLEAY32.DLL MOD - [2012-05-20 19:49:11 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll MOD - [2012-05-20 19:48:51 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2012-05-20 19:47:19 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2012-05-20 19:46:58 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2012-05-20 19:46:18 | 001,292,080 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\ntdll.dll MOD - [2012-05-20 19:45:32 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2012-05-20 19:40:55 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll MOD - [2012-05-20 19:39:09 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2012-05-20 19:39:09 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2012-05-20 19:38:49 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2012-05-20 19:38:07 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2012-05-20 19:38:07 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2012-05-20 19:33:35 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2012-05-20 19:31:55 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2012-05-20 19:30:50 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2012-05-20 19:26:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2012-05-05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2012-04-05 10:17:06 | 001,618,440 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Common\AVKRes.dll MOD - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe MOD - [2012-02-02 18:27:54 | 002,843,136 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtCore4.dll MOD - [2012-02-02 18:27:44 | 000,276,480 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtSql4.dll MOD - [2012-02-02 18:27:34 | 001,289,728 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- 
E:\Programy\screenSHU\QtNetwork4.dll MOD - [2012-02-02 18:27:08 | 010,135,040 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtGui4.dll MOD - [2012-02-02 18:26:54 | 000,527,360 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\sqldrivers\qsqlite4.dll MOD - [2012-02-02 18:26:52 | 000,288,256 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\imageformats\qjpeg4.dll MOD - [2012-02-02 18:26:52 | 000,043,008 | ---- | M] () -- E:\Programy\screenSHU\libgcc_s_dw2-1.dll MOD - [2012-02-02 18:26:52 | 000,011,362 | ---- | M] () -- E:\Programy\screenSHU\mingwm10.dll MOD - [2012-01-27 14:41:04 | 000,250,872 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll MOD - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe MOD - [2012-01-27 10:38:07 | 000,073,728 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll MOD - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe MOD - [2012-01-27 04:41:54 | 000,179,192 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKScanP\AVKScanP.dll MOD - [2012-01-13 08:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2010-11-21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010-11-21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010-11-21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010-11-21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\credssp.dll MOD - [2010-11-21 04:24:32 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptui.dll MOD - [2010-11-21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010-11-21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010-11-21 04:24:28 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll MOD - [2010-11-21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll MOD - [2010-11-21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010-11-21 04:24:23 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2010-11-21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010-11-21 04:24:16 | 001,171,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll MOD - [2010-11-21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010-11-21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - [2010-11-21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010-11-21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010-11-21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010-11-21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2010-11-21 04:24:14 | 000,311,296 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010-11-21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010-11-21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010-11-21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010-11-21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2010-11-21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010-11-21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010-11-21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010-11-21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2010-11-21 04:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll MOD - [2010-11-21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2010-11-21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010-11-21 04:24:08 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pdh.dll MOD - [2010-11-21 04:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010-11-21 04:24:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mapi32.dll MOD - [2010-11-21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010-11-21 04:24:03 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wer.dll MOD - [2010-11-21 04:24:03 | 000,090,112 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010-11-21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010-11-21 04:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2010-11-21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010-11-21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010-11-21 04:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2010-11-21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010-11-21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010-11-21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010-11-21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2010-11-21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010-11-21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010-11-21 04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010-11-21 04:23:51 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll MOD - [2010-11-21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010-11-21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010-11-21 04:23:48 | 000,219,136 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2010-11-21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-08-18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanapi.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanutil.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll MOD - [2009-07-14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 02:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:14:08 | 000,020,992 | ---- | M]
(Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\security.dll MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2007-04-04 18:53:42 | 000,081,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xinput1_3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-11-06 16:19:14 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2012-07-27 10:54:18 | 000,636,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-11 13:17:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-09 17:54:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-20 19:23:00 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | 
Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012-11-15 02:40:58 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012-10-25 10:27:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012-10-22 14:23:04 | 000,364,832 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-10-22 14:23:02 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-10-19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Programy\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-08-23 17:16:22 | 000,165,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- 
(AVKProxy) SRV - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2012-05-25 04:11:06 | 001,766,976 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012-05-14 04:26:48 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012-01-27 05:01:08 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- E:\Programy\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-12-09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011-08-30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared 
Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2012-12-19 06:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:[b]64bit:[/b] - [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:[b]64bit:[/b] - [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:[b]64bit:[/b] - [2012-11-06 17:06:46 | 011,269,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012-11-06 15:56:36 | 000,550,912 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-10-27 11:12:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:[b]64bit:[/b] - [2012-10-25 10:33:12 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2012-10-24 21:53:07 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:[b]64bit:[/b] - [2012-10-24 21:53:03 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:[b]64bit:[/b] - [2012-10-24 21:52:54 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:[b]64bit:[/b] - [2012-07-12 19:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-06-05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:[b]64bit:[/b] - [2012-05-20 19:46:58 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-05-20 19:29:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012-05-20 19:29:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-01-18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b]64bit:[/b] - [2011-11-02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:[b]64bit:[/b] - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-08-14 13:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv) DRV - [2012-10-24 21:29:00 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{59B5EF52-1A08-44ac-A278-D89419214A9D}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - 
HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{88302EF8-E6A1-49ba-B959-9A59E9A30F95}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-11 13:17:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-11 13:17:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-24 21:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Extensions [2012-12-15 14:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\3hev22t6.default\extensions [2012-12-15 14:35:15 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\firefox\profiles\3hev22t6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-11 13:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-01-11 13:17:29 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013-01-11 13:17:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-10-11 03:58:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\allegro-pl.xml [2012-10-11 03:58:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-10-11 03:58:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-11 03:58:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-11 03:58:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-11 03:58:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2013-01-10 16:25:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IMSS] C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AlcoholAutomount] E:\Programy\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [Moozryhar] C:\Users\Kuba\AppData\Roaming\Ygorom\doaw.exe (Корпорация Майкрософт) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [screenSHU] E:\Programy\screenSHU\screenSHU.exe () O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [Steam] E:\Gry\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B084D405-98AE-4C21-BFE5-B665FFE91326}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell - "" = AutoRun O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) 
[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013-01-12 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ypun [2013-01-12 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ymzuor [2013-01-12 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ygorom [2013-01-11 13:17:29 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Mozilla Firefox [2013-01-10 20:15:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-01-10 19:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-01-10 19:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013-01-10 19:13:59 | 000,550,912 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2013-01-10 19:13:59 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2013-01-10 19:13:59 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2013-01-10 19:13:59 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.dll [2013-01-10 19:13:59 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2013-01-10 19:11:31 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2013-01-10 19:11:31 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013-01-10 19:11:31 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013-01-10 19:11:31 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013-01-10 19:11:31 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013-01-10 19:11:31 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013-01-10 19:11:31 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013-01-10 19:11:31 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013-01-10 19:11:31 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013-01-10 19:11:31 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEG64H.dll [2013-01-10 19:11:31 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013-01-10 19:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013-01-10 19:00:00 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013-01-10 18:59:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013-01-10 18:59:59 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013-01-10 18:59:59 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013-01-10 18:59:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013-01-10 18:59:56 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013-01-10 18:59:56 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013-01-10 18:59:56 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013-01-10 18:59:56 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013-01-10 18:59:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013-01-10 18:59:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013-01-10 18:59:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013-01-10 18:59:35 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013-01-10 18:59:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013-01-10 18:59:13 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013-01-10 18:59:05 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013-01-10 16:51:56 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\OTL & RSIT [2013-01-09 20:01:06 | 000,000,000 | ---D | C] -- C:\rsit [2013-01-05 15:35:33 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\FLT [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013-01-04 17:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2012-12-31 10:39:05 | 000,118,504 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2012-12-30 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012-12-28 15:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012-12-28 13:19:43 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\XRay Engine [2012-12-27 12:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012-12-27 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS [2012-12-25 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Hamachi [2012-12-25 18:16:15 | 000,021,832 | ---- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 02:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\3DMark 11 [2012-12-25 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\IsolatedStorage [2012-12-25 02:32:54 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Futuremark_Corporation [2012-12-25 02:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2012-12-25 02:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2012-12-25 02:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-12-23 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Serwer [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012-12-02 16:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-12-02 14:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2012-11-29 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Apps [2012-11-24 16:00:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012-11-17 20:05:04 | 
000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Rockstar Games [2012-11-17 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Rockstar Games [2012-11-17 19:48:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012-11-17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012-11-17 19:42:01 | 000,000,000 | RH-D | C] -- C:\Users\Kuba\AppData\Roaming\SecuROM [2012-11-17 19:37:18 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012-11-17 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012-11-17 12:58:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\BioWare [2012-11-17 12:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II [2012-11-17 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2012-11-17 11:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\storage [2012-11-16 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Ubisoft Game Launcher [2012-11-16 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\SKIDROW [2012-11-16 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012-11-16 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012-11-16 16:46:13 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Skyrim [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\My Games [2012-11-16 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012-11-16 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\2K Games [2012-11-16 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012-11-16 08:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda [2012-11-16 08:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012-11-16 08:23:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Alcohol 120% [2012-11-15 02:38:20 | 000,040,712 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013-01-13 11:07:01 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-13 11:07:01 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-13 10:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-13 10:58:49 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2013-01-13 02:54:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-12 22:51:55 | 004,295,168 | ---- | M] () -- C:\Users\Kuba\Desktop\hamachi.msi [2013-01-11 19:30:38 | 000,582,227 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2013-01-10 18:31:15 | 000,007,597 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2013-01-10 16:25:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts 
[2013-01-10 13:29:55 | 000,276,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-01-05 15:33:06 | 000,000,912 | ---- | M] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012-12-30 23:25:23 | 000,000,857 | ---- | M] () -- C:\Users\Kuba\Documents\ax_files.xml [2012-12-30 02:25:04 | 000,000,604 | ---- | M] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-27 14:12:14 | 000,001,750 | ---- | M] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 12:50:55 | 000,000,629 | ---- | M] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-19 06:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) 
-- C:\Windows\SysNative\drivers\L1C62x64.sys [2012-12-15 15:16:49 | 000,001,007 | ---- | M] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-15 11:15:32 | 000,581,642 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-12-09 16:50:10 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-09 16:50:10 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-09 16:50:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-09 16:50:10 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-09 16:50:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-02 14:28:24 | 000,000,639 | ---- | M] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-11-28 02:30:22 | 000,381,365 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012-11-24 16:36:11 | 000,000,203 | ---- | M] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | M] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | M] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-22 21:37:36 | 000,885,503 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012-11-22 21:37:36 | 000,046,790 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012-11-20 01:18:06 | 002,714,720 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012-11-18 17:06:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:37:18 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:15 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:49 | 000,001,158 | ---- | M] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-12 22:51:57 | 004,295,168 | ---- | C] () -- C:\Users\Kuba\Desktop\hamachi.msi [2013-01-10 19:13:59 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2013-01-10 19:13:59 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2013-01-10 19:13:59 | 000,662,787 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2013-01-10 19:13:59 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat [2013-01-10 19:13:59 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat [2013-01-10 19:13:59 | 000,076,660 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat [2013-01-10 19:13:59 | 000,042,347 | ---- | C] () -- C:\Windows\atiogl.xml [2013-01-10 19:13:58 | 000,324,664 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2013-01-10 19:13:58 | 000,324,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2013-01-10 18:59:55 | 000,381,365 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013-01-05 15:33:06 | 000,000,912 | ---- | C] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield 
Launch.lnk [2012-12-30 02:25:04 | 000,000,604 | ---- | C] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-27 14:12:11 | 000,001,750 | ---- | C] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 12:50:55 | 000,000,629 | ---- | C] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-15 15:16:49 | 000,001,007 | ---- | C] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-02 14:28:24 | 000,000,639 | ---- | C] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-11-24 16:36:11 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | C] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-18 17:06:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:47:16 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012-11-17 19:35:15 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:52 | 000,001,158 | ---- | C] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | C] () 
-- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-16 07:04:23 | 000,007,597 | ---- | C] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2012-11-14 20:30:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-14 20:25:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-10-25 12:29:28 | 000,582,227 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2012-10-25 12:29:28 | 000,581,642 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-10-25 10:27:07 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2012-10-25 10:27:07 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2012-10-25 10:27:06 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-10-25 10:27:06 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-10-25 08:58:49 | 000,885,503 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012-10-24 21:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-10-24 21:40:55 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-10-24 21:40:55 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-10-24 21:40:55 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012-10-24 21:24:52 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012-10-24 21:18:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011-12-08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-10-25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Temp\Rar$DRa0.025\reifnsk\minimap\n.png [2012-10-25 22:15:26 | 000,000,268 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Temp\Rar$DRa0.025\reifnsk\minimap\zantextures\n.png [2009-07-14 05:55:00 | 
000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-01-12 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.minecraft [2013-01-11 19:31:22 | 
000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.techniclauncher [2012-10-30 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Easeware [2012-12-01 19:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\EurekaLog [2012-10-27 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\FileZilla [2013-01-11 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\logs [2012-10-27 10:25:35 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Notepad++ [2012-10-25 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Splashtop [2012-10-25 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Teeworlds [2013-01-13 03:15:29 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\TS3Client [2012-11-16 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-12-28 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\XRay Engine [2013-01-13 11:14:40 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ygorom [2013-01-13 10:59:57 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ymzuor [2013-01-12 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ypun [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2013-01-10 16:38:30 | 000,002,965 | ---- | M] () -- C:\AdwCleaner[S2].txt [2012-10-24 21:24:58 | 000,000,180 | ---- | M] () -- C:\csb.log [2013-01-13 10:58:49 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2012-10-24 21:22:19 | 000,000,206 | ---- | M] () -- C:\Install.log [2013-01-13 10:58:52 | 4240,015,359 | -HS- | M] () -- C:\pagefile.sys [2012-10-24 21:22:19 | 000,003,235 | ---- | M] () -- C:\RHDSetup.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) 
MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2012-08-22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys [2010-11-21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < End of report > [/log] [log]OTL Extras logfile created on: 2013-01-13 11:17:50 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Desktop\OTL & RSIT 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,95 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 74,73% Memory free 15,90 Gb Paging File | 13,24 Gb Available in Paging File | 83,32% Paging File free Paging file location(s): ?:\pagefile.sys 
[binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,64 Gb Total Space | 43,18 Gb Free Space | 54,22% Space Free | Partition Type: NTFS Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 68,94 Gb Free Space | 35,30% Space Free | Partition Type: NTFS Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3687210550-4096669916-69700731-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0402F9F3-436E-469A-A985-044B3AD38A88}" = lport=139 | protocol=6 | dir=in | app=system | "{0C469EA9-3F5D-4194-ACAA-415E1D4246FD}" = lport=2177 | 
protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B2C321A-2466-4EBA-AAC2-7DC7EF30E69C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1BA37879-583C-4F10-8B30-0ED6F74AAC7B}" = rport=445 | protocol=6 | dir=out | app=system | "{27D14CF6-52E1-490A-B398-AD4F18227262}" = lport=10243 | protocol=6 | dir=in | app=system | "{3FF1312F-B611-46D0-86A9-93C7407A95AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41C5074B-6F52-4445-BDE8-3EFB8989A4A3}" = rport=139 | protocol=6 | dir=out | app=system | "{4BA28922-FBB2-4345-9CA8-A68BD3DC5DB6}" = rport=137 | protocol=17 | dir=out | app=system | "{4BF9BAA8-F400-46BA-A256-D484498F74DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E6A3C61-95C6-4806-95CF-D1206CBEB9B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DADFA2D-B035-4B32-AF19-C29DC4AF812A}" = lport=138 | protocol=17 | dir=in | app=system | "{7FD0CBF1-369C-4135-ACAC-44DB052FC8E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{865C67CD-98B9-4C2B-ACD9-CF44AFC4F596}" = rport=138 | protocol=17 | dir=out | app=system | "{8D5391BC-2405-4137-B723-45247A652815}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F618A4B-4561-42BE-83CF-0DF107DC6772}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9E568D1A-78EF-47A2-AA77-4448FC58EC62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A24C93E1-AE30-42D7-ABBE-C2C6180071E0}" = rport=10243 | protocol=6 | dir=out | app=system | "{A3731A21-3569-45AB-89AB-28C0332CD29C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AC205059-5EFD-4819-A5A0-ED84991D9030}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B2FC61DB-40F6-43C7-99ED-ACED5A27FC96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC167094-9E5C-41D3-AC79-FC3FE4051A9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5B9255A-BF3E-4C56-AB0A-6F414554BF7A}" = lport=445 | protocol=6 | dir=in | app=system | "{E6162F77-C333-4460-B232-B6D815DE47E3}" = lport=137 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AC3F0C-8246-4E43-BCDB-A30F44F85CF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{01E5BD26-6276-43AE-AC80-190B9781B892}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{06CA03F5-6AC7-41F8-9F9C-294F0DB51372}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{0B32CB88-BE07-4EC0-B543-720A7FD07CBD}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{0E4565EB-D503-4EA8-A7A1-36ADC0DBF883}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | "{1693391B-A07A-4AF6-9CE2-9CAA73CB39C5}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{1BA64C07-A51E-48A0-B570-5869DB2E120A}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{1E765833-4DC6-458A-965F-0411C7B69586}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{1FFA03F5-35BA-4AE3-BC7C-B6F45996BD57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{27D675BA-4A82-427C-BF77-B9CB3A67A965}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3565FDA4-18B6-43EF-8A4E-DF717063C027}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{35B8646E-BF12-45A3-A004-A7F0E3F38615}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3967E8AB-8FB4-4CAE-92A6-302EB6651472}" = protocol=6 | dir=out | app=system | "{40EA44BE-7873-40D7-AE37-564A8B49ED8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4893FC5A-DD90-4A00-8F96-56C98CF402F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4E5E6FBD-1CD1-405A-92C0-F25A9FEF9456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59C803F8-936D-44EC-BCEB-5F2F3CAC73B9}" = protocol=6 | dir=in | app=e:\gry\steam\steam.exe | "{60D104FD-8A76-4ECA-8844-DDEE317F6C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{668530D9-8923-4A27-A6A5-D0A96880B468}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{68FA6A6B-4437-431F-B217-35C56E548AC1}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{73BFD577-7C1F-4E63-BF3F-89C2CF6EE9AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A36A72-C4E4-4850-92C6-7317EA5C681D}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{8579DBAD-0B00-48DD-870D-66876F929AAC}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{891A1DB5-0D7B-488A-B0DA-C996F9D66310}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\xrengine.exe | "{8CD9E530-8569-4B5C-BD49-39B22FE142C8}" = protocol=6 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{8EA2CC40-1705-45C1-BA36-B0752078912A}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{96F80B77-7148-46C2-A17B-7D777CF9F7C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{9FE8FCEA-219A-4CEC-B3B5-07B7CCED103E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A48BECCF-CB18-42DA-9CF0-4903F65C2404}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{A74120AC-D850-4FEC-9D1D-B20B9BF65727}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AD59D626-D43F-45DF-B674-DF5EA8DDB124}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE4C480D-827D-4BB8-9550-6DE602EAEC72}" = dir=in | app=e:\programy\skype\phone\skype.exe | "{B4D65F48-3DB8-4FF1-8773-5D4B286705C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7F618AB-AF27-45E3-A20C-7662799FEE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA0FA441-E99A-4421-B21F-A46DEF06F86C}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | "{C51CAD0E-2141-4686-9373-E0E6C9DE0148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CE96531A-66A5-4864-B9B7-D99964CC9B04}" = protocol=17 | dir=in | app=e:\gry\steam\steam.exe | "{D30266DC-B828-4F3E-99A4-243E3514572E}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{D5D97ADE-0579-4AA8-87D3-A1F6D8635C10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D6A3FB9D-9469-470E-B1AD-92FFB58D10FB}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{D753B1BA-5A12-4AF8-BD93-5E87BEA80565}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDBD42A6-1C20-4838-88CA-DECB97300E6B}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{DF96CB38-2749-432E-8AE6-3E3874EF2C12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E3F15E8A-B34E-4B9F-8259-69BD5F3C9A16}" = protocol=17 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{E44F8A62-4C38-4596-818D-418EFCAE6896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5E2E4B3-7C16-49C3-B060-2C806C799DDE}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08CFAEF6-7D08-9A9B-2089-FC25350C5FF4}" = ccc-utility64 "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9 "{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = 
Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0841A593-C7D8-E4EF-9F26-CA0EE369033C}" = Catalyst Control Center "{1432AA8A-09CC-E585-7FFB-4DC255456A57}" = CCC Help English "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5C56EB7A-A016-E031-525F-C967EF9749B9}" = CCC Help French "{5DA69605-2A7F-6028-8A10-0549F924174E}" = CCC Help Italian "{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6D62F011-4303-8BCC-398D-AE61684880FF}" = CCC Help German "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73F9192E-A60B-47BA-809A-AE07AF507EA7}" = S.T.A.L.K.E.R. - Shadow of Chernobyl "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{7F2D87D4-5152-31B5-D7CF-67E329F6FB94}" = CCC Help Chinese Traditional "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83BE5026-D306-FE60-73D7-C9BCEE0E55E5}" = CCC Help Russian "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B758A3B-0966-A84F-9D2D-42D8025D04B2}" = CCC Help Spanish "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) "{B2F6521E-0207-036B-C0C3-2013BF182F86}" = CCC Help Japanese "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013 "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D0D79D77-2A6C-B156-76AB-C0F93D0A40EB}" = CCC Help Chinese Standard "{D33626D5-3D55-C79B-C372-F1D1734D8025}" = Catalyst Control Center InstallProxy "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{D72FF5C1-0DE5-17C3-F0B8-7C1CBF98C5D5}" = CCC Help Korean "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E976B61A-251E-396A-9724-675C1DDE2C6F}" = Catalyst Control Center Localization All "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AQQ" = WapSter AQQ "AudioCS" = Creative Audio Control Panel "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EVEREST 
Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps (remove only) "HD Tune_is1" = HD Tune 2.55 "Host OpenAL" = Host OpenAL "HotspotShield" = Hotspot Shield 2.78 "Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0 "Mafia II_is1" = Mafia II "Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OCCT" = OCCT 4.3.2 "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "screenSHU" = screenSHU - the fastest screen capture ever. "SpeedFan" = SpeedFan (remove only) "Steam App 10" = Counter-Strike "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-01-12 22:00:26 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:00:27 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-12 22:00:34 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:00:34 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-12 22:16:51 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:16:51 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-12 22:16:58 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:16:58 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-13 05:59:29 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID = 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) 
nie powiodła się Kod błędu: 1 Error - 2013-01-13 06:00:45 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2013-01-12 15:46:04 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-12 15:46:04 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-12 15:46:04 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-12 22:00:39 | Computer Name = Kuba-Komputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń dla programu Microsoft .NET Framework 4 w systemach Windows XP, Server 2003, Vista, Windows 7, Server 2008 i Server 2008 R2 dla syst. opartych na proc. x64 (KB2742595). Error - 2013-01-12 22:16:59 | Computer Name = Kuba-Komputer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń dla programu Microsoft .NET Framework 4 w systemach Windows XP, Server 2003, Vista, Windows 7, Server 2008 i Server 2008 R2 dla syst. opartych na proc. x64 (KB2742595). 
Error - 2013-01-13 05:59:07 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: %%2 Error - 2013-01-13 05:59:38 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: GLogin Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > [/log] Rsit [log]Logfile of random's system information tool 1.08 (written by random/random) Run by Kuba at 2013-01-13 11:26:09 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 44 GB (54%) free of 82 GB Total RAM: 8140 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:26:12, on 2013-01-13 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe E:\Gry\Steam\Steam.exe E:\Programy\screenSHU\screenSHU.exe E:\Programy\Skype\Phone\Skype.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\DllHost.exe C:\Users\Kuba\Desktop\OTL & RSIT\RSIT-1.06.exe C:\Program Files (x86)\trend micro\Kuba.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ˙ţ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G 
Data\TotalProtection\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe O4 - HKCU\..\Run: [Steam] "E:\Gry\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Programy\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [screenSHU] "E:\Programy\screenSHU\screenSHU.exe" --hidden O4 - HKCU\..\Run: [Skype] "E:\Programy\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Moozryhar] C:\Users\Kuba\AppData\Roaming\Ygorom\doaw.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing) O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe O23 - Service: G Data Strażnik systemu plików (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - E:\Programy\Alcohol 120\AxAutoMntSrv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - 
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - E:\Programy\LogMeIn Hamach\hamachi-2.exe (file missing) O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance 
Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Programy\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: G Data TopSecret Service (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) 
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11869 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-25 449512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}] G Data BankGuard - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll [2012-01-27 52728] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-25 155384] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2012-07-25 133440] "USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-27 291608] "G Data AntiVirus Tray Application"=C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [2012-05-24 985624] "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2012-01-27 1470968] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-06 642216] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AQQ"=C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe [2012-12-31 8866816] "Steam"=E:\Gry\Steam\Steam.exe [2012-12-03 1354736] "AlcoholAutomount"=E:\Programy\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624] "screenSHU"=E:\Programy\screenSHU\screenSHU.exe [2012-04-03 2121216] "Skype"=E:\Programy\Skype\Phone\Skype.exe [2012-10-19 17875120] "Moozryhar"=C:\Users\Kuba\AppData\Roaming\Ygorom\doaw.exe [2012-12-06 313624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2013-01-12 11:20:17 ----D---- C:\Users\Kuba\AppData\Roaming\Ypun 2013-01-12 11:20:17 ----D---- C:\Users\Kuba\AppData\Roaming\Ymzuor 2013-01-12 11:20:17 ----D---- C:\Users\Kuba\AppData\Roaming\Ygorom 2013-01-11 13:17:29 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-01-10 20:15:14 ----SHD---- C:\Config.Msi 2013-01-10 19:21:38 ----D---- C:\ProgramData\ATI 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\atisamu32.dll 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\atioglxx.dll 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\atimpc32.dll 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\atiglpxx.dll 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\atigktxx.dll 2013-01-10 19:13:59 ----A---- C:\Windows\SysWOW64\amdpcom32.dll 2013-01-10 19:13:58 ----A---- C:\Windows\SysWOW64\aticalrt.dll 2013-01-10 19:13:58 ----A---- C:\Windows\SysWOW64\aticaldd.dll 2013-01-10 19:13:58 ----A---- C:\Windows\SysWOW64\aticalcl.dll 2013-01-10 19:13:58 ----A---- C:\Windows\SysWOW64\atiadlxy.dll 2013-01-10 19:13:58 ----A---- C:\Windows\SysWOW64\ati2edxx.dll 2013-01-10 19:13:58 ----A---- 
C:\Windows\SysWOW64\amdave32.dll 2013-01-10 19:00:16 ----D---- C:\Windows\SysWOW64\RTCOM 2013-01-10 18:59:47 ----A---- C:\Windows\SysWOW64\MBAPO32.dll 2013-01-10 16:38:25 ----A---- C:\AdwCleaner[S2].txt 2013-01-09 20:01:06 ----D---- C:\rsit 2013-01-09 17:21:44 ----A---- C:\Windows\SysWOW64\win32spl.dll 2013-01-09 17:21:39 ----A---- C:\Windows\SysWOW64\ncrypt.dll 2013-01-09 17:21:39 ----A---- C:\Windows\SysWOW64\msxml6.dll 2013-01-09 17:21:39 ----A---- C:\Windows\SysWOW64\msxml3.dll 2013-01-09 17:21:38 ----A---- C:\Windows\SysWOW64\usp10.dll 2013-01-09 17:21:36 ----A---- C:\Windows\SysWOW64\Wpc.dll 2013-01-09 17:21:36 ----A---- C:\Windows\SysWOW64\gameux.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-01-09 17:21:22 
----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-01-09 17:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\wow32.dll 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\user.exe 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\setup16.exe 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\ntvdm64.dll 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\KernelBase.dll 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\kernel32.dll 2013-01-09 17:21:22 ----A---- C:\Windows\SysWOW64\instnm.exe 2013-01-04 17:01:16 ----D---- C:\ProgramData\Hotspot Shield 2013-01-04 17:00:54 ----D---- C:\Program Files (x86)\Hotspot Shield 2012-12-28 15:39:41 ----D---- C:\Program Files (x86)\trend micro 2012-12-28 13:19:43 ----D---- C:\Users\Kuba\AppData\Roaming\XRay Engine 2012-12-25 18:16:57 ----D---- C:\Users\Kuba\AppData\Roaming\Hamachi 2012-12-25 02:31:06 ----D---- C:\Program Files (x86)\Futuremark 2012-12-22 17:15:19 ----D---- C:\ProgramData\Electronic Arts 
2012-12-22 17:15:19 ----D---- C:\ProgramData\EA Core 2012-12-22 00:39:02 ----A---- C:\Windows\SysWOW64\atmlib.dll 2012-12-22 00:39:01 ----A---- C:\Windows\SysWOW64\atmfd.dll 2012-12-15 15:16:48 ----D---- C:\Program Files (x86)\SpeedFan ======List of files/folders modified in the last 1 months====== 2013-01-13 11:26:12 ----D---- C:\Windows\Temp 2013-01-13 11:01:47 ----A---- C:\Windows\SysWOW64\log.txt 2013-01-13 11:01:07 ----D---- C:\Users\Kuba\AppData\Roaming\Skype 2013-01-13 03:16:58 ----SHD---- C:\Windows\Installer 2013-01-13 03:16:38 ----SHD---- C:\System Volume Information 2013-01-13 03:15:29 ----D---- C:\Users\Kuba\AppData\Roaming\TS3Client 2013-01-13 01:00:00 ----D---- C:\Windows\inf 2013-01-13 01:00:00 ----D---- C:\Windows 2013-01-12 16:49:30 ----D---- C:\Users\Kuba\AppData\Roaming\.minecraft 2013-01-12 11:20:24 ----SD---- C:\Users\Kuba\AppData\Roaming\Microsoft 2013-01-12 10:09:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2013-01-11 19:31:22 ----D---- C:\Users\Kuba\AppData\Roaming\.techniclauncher 2013-01-11 19:30:29 ----D---- C:\Users\Kuba\AppData\Roaming\logs 2013-01-11 17:57:52 ----RD---- C:\Program Files (x86) 2013-01-10 21:20:52 ----D---- C:\Windows\rescache 2013-01-10 20:16:07 ----D---- C:\ProgramData\DriverGenius 2013-01-10 20:15:48 ----HD---- C:\ProgramData 2013-01-10 20:15:37 ----D---- C:\Program Files (x86)\Intel 2013-01-10 19:56:42 ----HD---- C:\Program Files (x86)\Temp 2013-01-10 19:42:50 ----D---- C:\Windows\SysWOW64 2013-01-10 19:42:50 ----D---- C:\Windows\System32 2013-01-10 19:41:14 ----D---- C:\Windows\SysWOW64\Atheros_L1e 2013-01-10 19:16:36 ----D---- C:\ProgramData\AMD 2013-01-10 18:58:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-01-10 16:52:54 ----D---- C:\Windows\debug 2013-01-10 13:58:37 ----D---- C:\Windows\Microsoft.NET 2013-01-10 13:58:21 ----RSD---- C:\Windows\assembly 2013-01-10 13:30:28 ----D---- C:\Windows\winsxs 2013-01-10 13:28:45 ----D---- C:\Windows\SysWOW64\pl-PL 
2013-01-10 13:28:41 ----D---- C:\Windows\AppPatch 2013-01-09 17:54:31 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-07 22:17:55 ----D---- C:\Windows\Logs 2013-01-04 17:01:47 ----SD---- C:\ProgramData\Microsoft 2012-12-28 15:16:56 ----SHD---- C:\$Recycle.Bin 2012-12-25 12:50:47 ----D---- C:\Windows\SysWOW64\directx 2012-12-24 15:42:05 ----RD---- C:\Users 2012-12-21 00:49:50 ----D---- C:\Program Files (x86)\Common Files\Steam 2012-12-15 19:52:37 ----D---- C:\Windows\SoftwareDistribution 2012-12-15 11:15:32 ----A---- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [] R0 iusb3hcs;Sterownik przełącznika kontrolera hosta Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R0 TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [] R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [] R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [] R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [] R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [] R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [] R3 
GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 iusb3hub;Sterownik koncentratora Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [] R3 iusb3xhc;Sterownik kontrolera hosta Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [] R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [] R3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [] R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [] S1 GLogin;GLogin; C:\Windows\SysWOW64\drivers\GLogin.sys [] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [] S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [] S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-10-24 30528] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [] S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;Remote Desktop Generic USB Device; 
C:\Windows\system32\drivers\TsUsbGD.sys [] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-05-25 1540120] R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472] R2 AVKWCtl;G Data Strażnik systemu plików; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-01-27 2006872] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-01-27 286720] R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-05-25 1618456] R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728] R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [2012-11-16 443760] R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488] R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952] R2 jhi_service;Intel(R) Dynamic Application 
Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-08-23 165664] R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-10-22 277792] R2 StarWindServiceAE;StarWind AE Service; E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 TSNxGService;G Data TopSecret Service; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2010-01-26 304712] R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-22 364832] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568] R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-05-25 1766976] R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-12-20 541760] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; E:\Programy\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; E:\Programy\LogMeIn Hamach\hamachi-2.exe -s [] S2 SkypeUpdate;Skype Updater; E:\Programy\Skype\Updater\Updater.exe [2012-10-19 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
[2013-01-09 251400] S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-25 79360] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584] S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-05-14 1218552] S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2012-11-15 78072] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-11 115760] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] -----------------EOF----------------- [/log]
Natsuki Kuga, comment, 13 January 2013

Paste into OTL:
[spoiler]
:OTL
O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [Moozryhar] C:\Users\Kuba\AppData\Roaming\Ygorom\doaw.exe (?????????? ??????????)
:Files
C:\Users\Kuba\AppData\Roaming\Ypun
C:\Users\Kuba\AppData\Roaming\Ymzuor
C:\Users\Kuba\AppData\Roaming\Ygorom
[/spoiler]
Run the script and show the report. After that, show new OTL logs.
Kuba516 (Author), comment, 13 January 2013

Report:
[log]
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3687210550-4096669916-69700731-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Moozryhar deleted successfully.
C:\Users\Kuba\AppData\Roaming\Ygorom\doaw.exe moved successfully.
========== FILES ==========
C:\Users\Kuba\AppData\Roaming\Ypun folder moved successfully.
C:\Users\Kuba\AppData\Roaming\Ymzuor folder moved successfully.
Folder move failed. C:\Users\Kuba\AppData\Roaming\Ygorom scheduled to be moved on reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 01132013_155852

Files\Folders moved on Reboot...
C:\Users\Kuba\AppData\Roaming\Ygorom folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
[/log]

Logs:
[log]OTL logfile created on: 2013-01-13 16:18:24 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Desktop\OTL & RSIT 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,95 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,23% Memory free 15,90 Gb Paging File | 13,29 Gb Available in Paging File | 83,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,64 Gb Total Space | 42,58 Gb Free Space | 53,47% Space Free | Partition Type: NTFS Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 68,94 Gb Free Space | 35,30% Space Free | Partition Type: NTFS Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2013-01-11 13:17:32 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL & RSIT\OTL.exe PRC - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe PRC - [2012-12-20 19:23:00 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-12-03 20:19:31 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.exe PRC - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012-10-22 14:23:04 | 000,364,832 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012-10-22 14:23:02 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) 
-- E:\Programy\Skype\Phone\Skype.exe PRC - [2012-08-23 17:16:22 | 000,165,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe PRC - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe PRC - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2013-01-11 13:17:32 | 
003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-01-11 13:17:32 | 002,850,864 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll MOD - [2013-01-11 13:17:32 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe MOD - [2013-01-11 13:17:32 | 000,814,128 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MOD - [2013-01-11 13:17:32 | 000,642,096 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nss3.dll MOD - [2013-01-11 13:17:32 | 000,375,344 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MOD - [2013-01-11 13:17:32 | 000,277,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll MOD - [2013-01-11 13:17:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MOD - [2013-01-11 13:17:32 | 000,172,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll MOD - [2013-01-11 13:17:32 | 000,142,896 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll MOD - [2013-01-11 13:17:32 | 000,104,496 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MOD - [2013-01-11 13:17:32 | 000,091,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MOD - [2013-01-11 13:17:32 | 000,016,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MOD - [2013-01-11 13:17:31 | 017,798,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xul.dll MOD - [2013-01-11 13:17:31 | 000,155,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll MOD - [2013-01-11 13:17:31 | 000,152,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla 
Firefox\softokn3.dll MOD - [2013-01-11 13:17:31 | 000,092,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\smime3.dll MOD - [2013-01-11 13:17:31 | 000,022,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plc4.dll MOD - [2013-01-11 13:17:31 | 000,021,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\plds4.dll MOD - [2013-01-11 13:17:31 | 000,019,504 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll MOD - [2013-01-09 18:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuba\Desktop\OTL & RSIT\OTL.exe MOD - [2012-12-31 15:44:24 | 001,060,864 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\SMS.dll MOD - [2012-12-31 15:40:00 | 008,866,816 | ---- | M] (AQQ Sp. z o.o.) -- C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe MOD - [2012-12-30 23:42:20 | 001,375,232 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\GGNet.dll MOD - [2012-12-30 08:09:22 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\WapSter\WapSter AQQ\System\Shared\Plugins\Contact.dll MOD - [2012-12-20 19:23:13 | 000,647,168 | ---- | M] () -- E:\Gry\Steam\sdl.dll MOD - [2012-12-20 19:23:09 | 000,282,176 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\crashhandler.dll MOD - [2012-12-20 19:23:06 | 007,020,608 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\steamclient.dll MOD - [2012-12-20 19:23:06 | 000,242,240 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\tier0_s.dll MOD - [2012-12-20 19:23:06 | 000,214,080 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\vstdlib_s.dll MOD - [2012-12-20 19:23:04 | 000,122,864 | ---- | M] (Valve) -- E:\Gry\Steam\CSERHelper.dll MOD - [2012-12-20 19:23:00 | 000,673,344 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\bin\vgui2_s.dll MOD - [2012-12-20 19:22:59 | 001,782,336 | ---- | M] (Valve Corporation) -- e:\Gry\Steam\bin\ServerBrowser.dll MOD - [2012-12-20 19:22:58 | 
020,320,240 | ---- | M] () -- E:\Gry\Steam\bin\libcef.dll MOD - [2012-12-20 19:22:56 | 009,955,112 | ---- | M] (The ICU Project) -- E:\Gry\Steam\bin\icudt.dll MOD - [2012-12-20 19:22:56 | 002,378,304 | ---- | M] (Valve Corporation) -- e:\Gry\Steam\bin\friendsUI.dll MOD - [2012-12-20 19:22:56 | 000,969,280 | ---- | M] () -- E:\Gry\Steam\bin\chromehtml.dll MOD - [2012-12-20 19:22:56 | 000,170,048 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\bin\FileSystem_Steam.dll MOD - [2012-12-20 19:22:54 | 000,124,416 | ---- | M] () -- E:\Gry\Steam\bin\avutil-51.dll MOD - [2012-12-20 19:22:52 | 000,192,000 | ---- | M] () -- E:\Gry\Steam\bin\avformat-53.dll MOD - [2012-12-20 19:22:50 | 001,100,800 | ---- | M] () -- E:\Gry\Steam\bin\avcodec-53.dll MOD - [2012-12-20 19:22:49 | 002,895,424 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.dll MOD - [2012-12-20 19:22:47 | 008,192,576 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\SteamUI.dll MOD - [2012-12-20 19:22:47 | 001,039,192 | ---- | M] (Microsoft Corporation) -- E:\Gry\Steam\dbghelp.dll MOD - [2012-12-07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll MOD - [2012-12-03 20:19:31 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Gry\Steam\Steam.exe MOD - [2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll MOD - [2012-11-30 05:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll MOD - [2012-11-22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll MOD - [2012-11-14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll MOD - [2012-11-14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll MOD - [2012-11-14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll MOD - [2012-11-14 02:57:44 | 001,103,872 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWOW64\urlmon.dll MOD - [2012-11-14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll MOD - [2012-11-14 02:52:27 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll MOD - [2012-11-14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll MOD - [2012-11-06 17:08:40 | 005,628,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdag.dll MOD - [2012-11-06 16:29:34 | 000,959,488 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\aticfx32.dll MOD - [2012-11-06 16:25:44 | 006,669,824 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atidxx32.dll MOD - [2012-11-06 16:05:34 | 004,162,048 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiumdva.dll MOD - [2012-11-06 15:54:52 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiuxpag.dll MOD - [2012-11-06 15:54:38 | 000,083,968 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWOW64\atiu9pag.dll MOD - [2012-10-19 15:18:36 | 017,875,120 | R--- | M] (Skype Technologies S.A.) 
-- E:\Programy\Skype\Phone\Skype.exe MOD - [2012-10-11 02:04:04 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll MOD - [2012-10-11 02:04:04 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll MOD - [2012-10-09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll MOD - [2012-08-24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll MOD - [2012-07-27 10:26:30 | 001,198,080 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\LIBEAY32.dll MOD - [2012-07-27 10:26:30 | 000,303,104 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Intel\iCLS Client\ssleay32.dll MOD - [2012-07-03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe MOD - [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll MOD - [2012-06-02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll MOD - [2012-06-02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll MOD - [2012-06-02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll MOD - [2012-05-25 03:42:00 | 000,699,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G DATA\ObjBrwse.dll MOD - [2012-05-24 04:23:02 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe MOD - [2012-05-21 12:43:10 | 001,274,880 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\WapSter\WapSter AQQ\LIBEAY32.DLL MOD - [2012-05-21 12:43:10 | 000,330,752 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files 
(x86)\WapSter\WapSter AQQ\SSLEAY32.DLL MOD - [2012-05-20 19:49:11 | 001,625,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll MOD - [2012-05-20 19:48:51 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll MOD - [2012-05-20 19:47:19 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll MOD - [2012-05-20 19:46:58 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2012-05-20 19:46:18 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll MOD - [2012-05-20 19:45:32 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll MOD - [2012-05-20 19:40:55 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll MOD - [2012-05-20 19:39:09 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll MOD - [2012-05-20 19:39:09 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleacc.dll MOD - [2012-05-20 19:38:49 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll MOD - [2012-05-20 19:38:07 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll MOD - [2012-05-20 19:38:07 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll MOD - [2012-05-20 19:33:35 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dnsapi.dll MOD - [2012-05-20 19:31:55 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll MOD - [2012-05-20 19:30:50 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll MOD - [2012-05-20 19:26:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll MOD - [2012-05-05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWOW64\srclient.dll MOD - [2012-04-05 10:17:06 | 001,618,440 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Common\AVKRes.dll MOD - [2012-04-03 19:45:36 | 002,121,216 | ---- | M] () -- E:\Programy\screenSHU\screenSHU.exe MOD - [2012-02-02 18:27:54 | 002,843,136 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtCore4.dll MOD - [2012-02-02 18:27:44 | 000,276,480 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtSql4.dll MOD - [2012-02-02 18:27:34 | 001,289,728 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtNetwork4.dll MOD - [2012-02-02 18:27:08 | 010,135,040 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\QtGui4.dll MOD - [2012-02-02 18:26:54 | 000,527,360 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\sqldrivers\qsqlite4.dll MOD - [2012-02-02 18:26:52 | 000,288,256 | ---- | M] (Nokia Corporation and/or its subsidiary(-ies)) -- E:\Programy\screenSHU\imageformats\qjpeg4.dll MOD - [2012-02-02 18:26:52 | 000,043,008 | ---- | M] () -- E:\Programy\screenSHU\libgcc_s_dw2-1.dll MOD - [2012-02-02 18:26:52 | 000,011,362 | ---- | M] () -- E:\Programy\screenSHU\mingwm10.dll MOD - [2012-01-27 14:41:04 | 000,250,872 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\Banksafe.dll MOD - [2012-01-27 10:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe MOD - [2012-01-27 10:38:07 | 000,073,728 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll MOD - [2012-01-27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe MOD - [2012-01-13 08:12:03 | 
000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nlaapi.dll MOD - [2010-11-21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2010-11-21 04:24:43 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mscms.dll MOD - [2010-11-21 04:24:33 | 001,010,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll MOD - [2010-11-21 04:24:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\credssp.dll MOD - [2010-11-21 04:24:32 | 001,003,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptui.dll MOD - [2010-11-21 04:24:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IPHLPAPI.DLL MOD - [2010-11-21 04:24:28 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll MOD - [2010-11-21 04:24:28 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\riched20.dll MOD - [2010-11-21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll MOD - [2010-11-21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll MOD - [2010-11-21 04:24:23 | 001,828,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d9.dll MOD - [2010-11-21 04:24:23 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ExplorerFrame.dll MOD - [2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll MOD - [2010-11-21 04:24:16 | 001,171,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll MOD - [2010-11-21 04:24:16 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll MOD - [2010-11-21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll MOD - 
[2010-11-21 04:24:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winmm.dll MOD - [2010-11-21 04:24:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll MOD - [2010-11-21 04:24:16 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\userenv.dll MOD - [2010-11-21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll MOD - [2010-11-21 04:24:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll MOD - [2010-11-21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll MOD - [2010-11-21 04:24:14 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll MOD - [2010-11-21 04:24:11 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll MOD - [2010-11-21 04:24:09 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll MOD - [2010-11-21 04:24:09 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll MOD - [2010-11-21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mswsock.dll MOD - [2010-11-21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll MOD - [2010-11-21 04:24:08 | 000,508,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll MOD - [2010-11-21 04:24:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll MOD - [2010-11-21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winhttp.dll MOD - [2010-11-21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv MOD - [2010-11-21 04:24:08 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pdh.dll MOD - 
[2010-11-21 04:24:08 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\FWPUCLNT.DLL MOD - [2010-11-21 04:24:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mapi32.dll MOD - [2010-11-21 04:24:07 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll MOD - [2010-11-21 04:24:03 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wer.dll MOD - [2010-11-21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll MOD - [2010-11-21 04:24:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll MOD - [2010-11-21 04:24:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msdmo.dll MOD - [2010-11-21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll MOD - [2010-11-21 04:24:01 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rtutils.dll MOD - [2010-11-21 04:24:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wdmaud.drv MOD - [2010-11-21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ws2_32.dll MOD - [2010-11-21 04:23:55 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\AudioSes.dll MOD - [2010-11-21 04:23:55 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll MOD - [2010-11-21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll MOD - [2010-11-21 04:23:54 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wtsapi32.dll MOD - [2010-11-21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll MOD - [2010-11-21 
04:23:51 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MMDevAPI.dll MOD - [2010-11-21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2010-11-21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll MOD - [2010-11-21 04:23:48 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll MOD - [2010-11-21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll MOD - [2009-08-18 11:29:22 | 000,134,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL MOD - [2009-07-14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll MOD - [2009-07-14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wship6.dll MOD - [2009-07-14 02:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WSHTCPIP.DLL MOD - [2009-07-14 02:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanapi.dll MOD - [2009-07-14 02:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winrnr.dll MOD - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winnsi.dll MOD - [2009-07-14 02:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wlanutil.dll MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009-07-14 02:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll MOD - [2009-07-14 02:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll MOD - [2009-07-14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll MOD - [2009-07-14 02:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shfolder.dll MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll MOD - [2009-07-14 02:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SensApi.dll MOD - [2009-07-14 02:16:12 | 000,791,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\opengl32.dll MOD - [2009-07-14 02:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasapi32.dll MOD - [2009-07-14 02:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll MOD - [2009-07-14 02:16:12 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PeerDist.dll MOD - [2009-07-14 02:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasman.dll MOD - [2009-07-14 02:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pnrpnsp.dll MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll MOD - [2009-07-14 02:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rasadhlp.dll MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll MOD - [2009-07-14 02:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll MOD - [2009-07-14 02:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\npmproxy.dll MOD - [2009-07-14 02:16:11 | 
000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\nsi.dll MOD - [2009-07-14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netprofm.dll MOD - [2009-07-14 02:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\NapiNSP.dll MOD - [2009-07-14 02:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimtf.dll MOD - [2009-07-14 02:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msimg32.dll MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll MOD - [2009-07-14 02:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll MOD - [2009-07-14 02:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mlang.dll MOD - [2009-07-14 02:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\midimap.dll MOD - [2009-07-14 02:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll MOD - [2009-07-14 02:15:35 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ksuser.dll MOD - [2009-07-14 02:15:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\idndl.dll MOD - [2009-07-14 02:15:24 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\hid.dll MOD - [2009-07-14 02:15:22 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\glu32.dll MOD - [2009-07-14 02:15:20 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\feclient.dll MOD - [2009-07-14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll MOD - [2009-07-14 02:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dui70.dll MOD - [2009-07-14 02:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll MOD - [2009-07-14 02:15:13 
| 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll MOD - [2009-07-14 02:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsrole.dll MOD - [2009-07-14 02:15:11 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dinput8.dll MOD - [2009-07-14 02:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc.dll MOD - [2009-07-14 02:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ddraw.dll MOD - [2009-07-14 02:15:10 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devenum.dll MOD - [2009-07-14 02:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dciman32.dll MOD - [2009-07-14 02:15:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d8thk.dll MOD - [2009-07-14 02:15:07 | 001,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll MOD - [2009-07-14 02:15:07 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll MOD - [2009-07-14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsp.dll MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll MOD - [2009-07-14 02:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\avrt.dll MOD - [2009-07-14 02:14:57 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009-07-14 
02:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.drv MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll MOD - [2009-07-14 02:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\security.dll MOD - [2009-07-14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll MOD - [2007-04-04 18:53:42 | 000,081,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xinput1_3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-11-06 16:19:14 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2012-07-27 10:54:18 | 000,636,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-01-11 13:17:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-01-09 17:54:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-12-20 19:23:00 | 000,541,760 | ---- | M] 
(Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-12-18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-11-16 23:02:32 | 000,443,760 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012-11-15 20:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012-11-15 04:03:24 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012-11-15 02:40:58 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012-10-25 10:27:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012-10-22 14:23:04 | 000,364,832 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012-10-22 14:23:02 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012-10-19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Programy\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-08-23 17:16:22 | 000,165,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012-05-25 13:19:26 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G 
Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012-05-25 06:36:32 | 001,618,456 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2012-05-25 04:11:06 | 001,766,976 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012-05-14 04:26:48 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012-03-29 03:42:28 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012-01-27 05:01:08 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012-01-27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012-01-05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- E:\Programy\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-12-09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011-08-30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files 
(x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010-01-26 16:18:16 | 000,304,712 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2012-12-19 06:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:[b]64bit:[/b] - [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:[b]64bit:[/b] - [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:[b]64bit:[/b] - [2012-11-06 17:06:46 | 011,269,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012-11-06 15:56:36 | 000,550,912 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-10-27 11:12:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:[b]64bit:[/b] - [2012-10-25 10:33:12 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2012-10-24 21:53:07 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:[b]64bit:[/b] - [2012-10-24 21:53:03 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:[b]64bit:[/b] - [2012-10-24 21:52:55 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:[b]64bit:[/b] - [2012-10-24 21:52:54 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:[b]64bit:[/b] - [2012-07-12 19:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-06-05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:[b]64bit:[/b] - [2012-05-20 19:46:58 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-05-20 19:29:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012-05-20 19:29:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-01-27 10:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-01-18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b]64bit:[/b] - [2011-11-02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:[b]64bit:[/b] - [2010-11-21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-08-14 13:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv) DRV - [2012-10-24 21:29:00 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{59B5EF52-1A08-44ac-A278-D89419214A9D}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms} IE - 
HKU\S-1-5-21-3687210550-4096669916-69700731-1000\..\SearchScopes\{88302EF8-E6A1-49ba-B959-9A59E9A30F95}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV IE - HKU\S-1-5-21-3687210550-4096669916-69700731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-11 13:17:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-11 13:17:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-10-24 21:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Extensions [2012-12-15 14:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\Firefox\Profiles\3hev22t6.default\extensions [2012-12-15 14:35:15 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Kuba\AppData\Roaming\mozilla\firefox\profiles\3hev22t6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-11 13:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013-01-11 13:17:29 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013-01-11 13:17:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-10-11 03:58:06 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\allegro-pl.xml [2012-10-11 03:58:06 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-10-11 03:58:06 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-11 03:58:06 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-10-11 03:58:06 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-11 03:58:06 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2013-01-10 16:25:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IMSS] C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AlcoholAutomount] E:\Programy\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [AQQ] C:\PROGRA~2\WapSter\WAPSTE~1\AQQ.exe (AQQ Sp. z o.o.) O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [screenSHU] E:\Programy\screenSHU\screenSHU.exe () O4 - HKU\S-1-5-21-3687210550-4096669916-69700731-1000..\Run: [Steam] E:\Gry\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B084D405-98AE-4C21-BFE5-B665FFE91326}: DhcpNameServer = 192.168.0.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value 
found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell - "" = AutoRun O33 - MountPoints2\{6c41285c-1e8c-11e2-8bca-902b3461527a}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] 
File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] 
File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] 
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2013-01-13 15:58:52 | 000,000,000 | ---D | C] -- C:\_OTL [2013-01-11 13:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-01-10 20:15:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-01-10 19:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-01-10 19:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013-01-10 19:13:59 | 000,550,912 | ---- | C] (AMD) -- 
C:\Windows\SysNative\atieclxx.exe [2013-01-10 19:13:59 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2013-01-10 19:13:59 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2013-01-10 19:13:59 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.dll [2013-01-10 19:13:59 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2013-01-10 19:11:31 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2013-01-10 19:11:31 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013-01-10 19:11:31 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013-01-10 19:11:31 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013-01-10 19:11:31 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013-01-10 19:11:31 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013-01-10 19:11:31 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013-01-10 19:11:31 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013-01-10 19:11:31 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013-01-10 19:11:31 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2013-01-10 19:11:31 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013-01-10 19:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013-01-10 19:00:00 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013-01-10 18:59:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013-01-10 18:59:59 | 000,211,184 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSTSH64.dll [2013-01-10 18:59:59 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013-01-10 18:59:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013-01-10 18:59:56 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013-01-10 18:59:56 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013-01-10 18:59:56 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013-01-10 18:59:56 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013-01-10 18:59:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013-01-10 18:59:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013-01-10 18:59:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013-01-10 18:59:35 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013-01-10 18:59:33 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013-01-10 18:59:13 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013-01-10 18:59:05 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013-01-10 16:51:56 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\OTL & RSIT [2013-01-09 20:01:06 | 000,000,000 | ---D | C] -- C:\rsit [2013-01-05 15:35:33 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\FLT [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2013-01-04 17:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013-01-04 17:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2012-12-31 10:39:05 | 000,118,504 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [2012-12-30 02:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012-12-28 15:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012-12-28 13:19:43 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\XRay Engine [2012-12-27 12:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012-12-27 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS [2012-12-25 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Hamachi [2012-12-25 18:16:15 | 000,021,832 | ---- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 13:12:48 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 12:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT [2012-12-25 02:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\3DMark 11 [2012-12-25 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\IsolatedStorage [2012-12-25 02:32:54 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Futuremark_Corporation [2012-12-25 02:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2012-12-25 02:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2012-12-25 02:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012-12-23 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Desktop\Serwer [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012-12-22 17:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012-12-15 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012-12-02 16:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012-12-02 14:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker [2012-11-29 15:33:23 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Apps [2012-11-24 16:00:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012-11-17 20:05:04 | 
000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Rockstar Games [2012-11-17 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Rockstar Games [2012-11-17 19:48:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012-11-17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012-11-17 19:42:01 | 000,000,000 | RH-D | C] -- C:\Users\Kuba\AppData\Roaming\SecuROM [2012-11-17 19:37:18 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012-11-17 19:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012-11-17 19:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012-11-17 12:58:49 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\BioWare [2012-11-17 12:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II [2012-11-17 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2012-11-17 11:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\storage [2012-11-16 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Ubisoft Game Launcher [2012-11-16 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\SKIDROW [2012-11-16 17:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012-11-16 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-11-16 17:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2012-11-16 16:46:13 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\hamachi.sys [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\Skyrim [2012-11-16 12:40:12 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\My Games [2012-11-16 12:23:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012-11-16 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Kuba\AppData\Local\2K Games [2012-11-16 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012-11-16 08:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda [2012-11-16 08:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012-11-16 08:23:41 | 000,000,000 | ---D | C] -- C:\Users\Kuba\Documents\Alcohol 120% [2012-11-15 02:38:20 | 000,040,712 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2013-01-13 16:07:28 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-01-13 16:07:28 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-01-13 15:59:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-01-13 15:59:46 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2013-01-13 15:54:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-01-12 22:51:55 | 004,295,168 | ---- | M] () -- C:\Users\Kuba\Desktop\hamachi.msi [2013-01-11 19:30:38 | 000,582,227 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2013-01-10 18:31:15 | 000,007,597 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2013-01-10 16:25:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts 
[2013-01-10 13:29:55 | 000,276,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-01-05 15:33:06 | 000,000,912 | ---- | M] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk [2012-12-30 23:25:23 | 000,000,857 | ---- | M] () -- C:\Users\Kuba\Documents\ax_files.xml [2012-12-30 02:25:04 | 000,000,604 | ---- | M] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-27 14:12:14 | 000,001,750 | ---- | M] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 18:16:15 | 000,021,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys [2012-12-25 12:50:55 | 000,000,629 | ---- | M] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-19 06:40:58 | 000,118,504 | ---- | M] (Qualcomm Atheros Co., Ltd.) 
-- C:\Windows\SysNative\drivers\L1C62x64.sys [2012-12-15 15:16:49 | 000,001,007 | ---- | M] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-15 11:15:32 | 000,581,642 | ---- | M] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-12-09 16:50:10 | 001,549,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-09 16:50:10 | 000,697,674 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-12-09 16:50:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-09 16:50:10 | 000,134,784 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-12-09 16:50:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-02 14:28:24 | 000,000,639 | ---- | M] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-11-28 02:30:22 | 000,381,365 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012-11-24 16:36:11 | 000,000,203 | ---- | M] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | M] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | M] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-22 21:37:36 | 000,885,503 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012-11-22 21:37:36 | 000,046,790 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012-11-20 01:18:06 | 002,714,720 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012-11-18 17:06:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:37:18 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012-11-17 19:35:15 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:49 | 000,001,158 | ---- | M] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2012-11-15 02:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-01-12 22:51:57 | 004,295,168 | ---- | C] () -- C:\Users\Kuba\Desktop\hamachi.msi [2013-01-10 19:13:59 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2013-01-10 19:13:59 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2013-01-10 19:13:59 | 000,662,787 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2013-01-10 19:13:59 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat [2013-01-10 19:13:59 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat [2013-01-10 19:13:59 | 000,076,660 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat [2013-01-10 19:13:59 | 000,042,347 | ---- | C] () -- C:\Windows\atiogl.xml [2013-01-10 19:13:58 | 000,324,664 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2013-01-10 19:13:58 | 000,324,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2013-01-10 18:59:55 | 000,381,365 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013-01-05 15:33:06 | 000,000,912 | ---- | C] () -- C:\Users\Kuba\Desktop\Don't Starve Beta (18 November).lnk [2013-01-04 17:01:45 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield 
Launch.lnk [2012-12-30 02:25:04 | 000,000,604 | ---- | C] () -- C:\Users\Kuba\Desktop\HD Tune.lnk [2012-12-27 14:12:11 | 000,001,750 | ---- | C] () -- C:\Users\Kuba\Documents\cc_20121227_141208.reg [2012-12-27 13:05:54 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012-12-27 13:05:54 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012-12-27 12:50:27 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk [2012-12-25 12:50:55 | 000,000,629 | ---- | C] () -- C:\Users\Kuba\Desktop\OCCT.lnk [2012-12-25 02:30:44 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2012-12-25 02:16:09 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012-12-15 15:16:49 | 000,001,007 | ---- | C] () -- C:\Users\Kuba\Desktop\SpeedFan.lnk [2012-12-15 15:16:48 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012-12-02 14:28:24 | 000,000,639 | ---- | C] () -- C:\Users\Kuba\Desktop\Resource Hacker.lnk [2012-11-24 16:36:11 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Team Fortress 2.url [2012-11-24 16:28:19 | 000,000,202 | ---- | C] () -- C:\Users\Kuba\Desktop\Counter-Strike.url [2012-11-24 16:00:49 | 000,000,203 | ---- | C] () -- C:\Users\Kuba\Desktop\Dota 2.url [2012-11-18 17:06:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012-11-17 19:47:16 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012-11-17 19:35:15 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012-11-17 12:54:46 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Age II.lnk [2012-11-17 11:38:52 | 000,001,158 | ---- | C] () -- C:\Users\Kuba\Desktop\AssassinsCreed II.lnk [2012-11-16 08:59:41 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls V - Skyrim.lnk [2012-11-16 08:54:14 | 000,000,749 | ---- | C] () 
-- C:\Users\Public\Desktop\Mafia II.lnk [2012-11-16 07:04:23 | 000,007,597 | ---- | C] () -- C:\Users\Kuba\AppData\Local\Resmon.ResmonCfg [2012-11-14 20:30:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-14 20:25:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-10-25 12:29:28 | 000,582,227 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar [2012-10-25 12:29:28 | 000,581,642 | ---- | C] () -- C:\Users\Kuba\AppData\Roaming\technic-launcher.jar.bak [2012-10-25 10:27:07 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2012-10-25 10:27:07 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2012-10-25 10:27:06 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012-10-25 10:27:06 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012-10-25 08:58:49 | 000,885,503 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012-10-24 21:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012-10-24 21:40:55 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-10-24 21:40:55 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-10-24 21:40:55 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012-10-24 21:24:52 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012-10-24 21:18:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011-12-08 15:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [color=#E56717]========== ZeroAccess Check ==========[/color] [2012-10-25 22:15:26 | 000,000,642 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Temp\Rar$DRa0.025\reifnsk\minimap\n.png [2012-10-25 22:15:26 | 000,000,268 | ---- | M] () -- C:\Users\Kuba\AppData\Local\Temp\Rar$DRa0.025\reifnsk\minimap\zantextures\n.png [2009-07-14 05:55:00 | 
000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-01-13 11:49:29 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.minecraft [2013-01-11 19:31:22 | 
000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\.techniclauncher [2012-10-30 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Easeware [2012-12-01 19:38:42 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\EurekaLog [2012-10-27 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\FileZilla [2013-01-11 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\logs [2012-10-27 10:25:35 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Notepad++ [2012-10-25 09:39:50 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Splashtop [2012-10-25 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Teeworlds [2013-01-13 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\TS3Client [2012-11-16 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\Ubisoft [2012-12-28 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\Kuba\AppData\Roaming\XRay Engine [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2013-01-10 16:38:30 | 000,002,965 | ---- | M] () -- C:\AdwCleaner[S2].txt [2012-10-24 21:24:58 | 000,000,180 | ---- | M] () -- C:\csb.log [2013-01-13 15:59:46 | 2106,269,695 | -HS- | M] () -- C:\hiberfil.sys [2012-10-24 21:22:19 | 000,000,206 | ---- | M] () -- C:\Install.log [2013-01-13 15:59:47 | 4240,015,359 | -HS- | M] () -- C:\pagefile.sys [2012-10-24 21:22:19 | 000,003,235 | ---- | M] () -- C:\RHDSetup.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009-07-14 02:52:21 | 000,061,008 | ---- | 
M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys [2010-11-21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2012-08-22 19:06:07 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- 
C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys [2012-08-22 19:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys [2010-11-21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < End of report > [/log] [log]OTL Extras logfile created on: 2013-01-13 16:18:24 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kuba\Desktop\OTL & RSIT 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 7,95 Gb Total Physical Memory | 5,82 Gb Available Physical Memory | 73,23% Memory free 15,90 Gb Paging File | 13,29 Gb Available in Paging File | 83,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,64 Gb Total Space | 42,58 Gb Free Space | 53,47% Space Free | Partition Type: NTFS Drive D: | 97,56 Gb Total Space | 38,06 Gb Free Space | 39,01% Space Free | Partition Type: 
NTFS Drive E: | 195,31 Gb Total Space | 68,94 Gb Free Space | 35,30% Space Free | Partition Type: NTFS Computer Name: KUBA-KOMPUTER | User Name: Kuba | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3687210550-4096669916-69700731-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0402F9F3-436E-469A-A985-044B3AD38A88}" = lport=139 | protocol=6 | dir=in | app=system | "{0C469EA9-3F5D-4194-ACAA-415E1D4246FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1B2C321A-2466-4EBA-AAC2-7DC7EF30E69C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1BA37879-583C-4F10-8B30-0ED6F74AAC7B}" = rport=445 | protocol=6 | dir=out | app=system | "{27D14CF6-52E1-490A-B398-AD4F18227262}" = lport=10243 | 
protocol=6 | dir=in | app=system | "{3FF1312F-B611-46D0-86A9-93C7407A95AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41C5074B-6F52-4445-BDE8-3EFB8989A4A3}" = rport=139 | protocol=6 | dir=out | app=system | "{4BA28922-FBB2-4345-9CA8-A68BD3DC5DB6}" = rport=137 | protocol=17 | dir=out | app=system | "{4BF9BAA8-F400-46BA-A256-D484498F74DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E6A3C61-95C6-4806-95CF-D1206CBEB9B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DADFA2D-B035-4B32-AF19-C29DC4AF812A}" = lport=138 | protocol=17 | dir=in | app=system | "{7FD0CBF1-369C-4135-ACAC-44DB052FC8E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{865C67CD-98B9-4C2B-ACD9-CF44AFC4F596}" = rport=138 | protocol=17 | dir=out | app=system | "{8D5391BC-2405-4137-B723-45247A652815}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8F618A4B-4561-42BE-83CF-0DF107DC6772}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9E568D1A-78EF-47A2-AA77-4448FC58EC62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A24C93E1-AE30-42D7-ABBE-C2C6180071E0}" = rport=10243 | protocol=6 | dir=out | app=system | "{A3731A21-3569-45AB-89AB-28C0332CD29C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AC205059-5EFD-4819-A5A0-ED84991D9030}" = lport=2869 | protocol=6 | dir=in | app=system | "{B2FC61DB-40F6-43C7-99ED-ACED5A27FC96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC167094-9E5C-41D3-AC79-FC3FE4051A9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5B9255A-BF3E-4C56-AB0A-6F414554BF7A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6162F77-C333-4460-B232-B6D815DE47E3}" = lport=137 | protocol=17 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AC3F0C-8246-4E43-BCDB-A30F44F85CF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{01E5BD26-6276-43AE-AC80-190B9781B892}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{06CA03F5-6AC7-41F8-9F9C-294F0DB51372}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{0B32CB88-BE07-4EC0-B543-720A7FD07CBD}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{0E4565EB-D503-4EA8-A7A1-36ADC0DBF883}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | "{1693391B-A07A-4AF6-9CE2-9CAA73CB39C5}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{1BA64C07-A51E-48A0-B570-5869DB2E120A}" = protocol=17 | dir=in | app=e:\gry\assassin's creed ii\assassinscreedii.exe | "{1E765833-4DC6-458A-965F-0411C7B69586}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{1FFA03F5-35BA-4AE3-BC7C-B6F45996BD57}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{27D675BA-4A82-427C-BF77-B9CB3A67A965}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3565FDA4-18B6-43EF-8A4E-DF717063C027}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\kuba_516\counter-strike\hl.exe | "{35B8646E-BF12-45A3-A004-A7F0E3F38615}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3967E8AB-8FB4-4CAE-92A6-302EB6651472}" = protocol=6 | dir=out | app=system | "{40EA44BE-7873-40D7-AE37-564A8B49ED8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4893FC5A-DD90-4A00-8F96-56C98CF402F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4E5E6FBD-1CD1-405A-92C0-F25A9FEF9456}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59C803F8-936D-44EC-BCEB-5F2F3CAC73B9}" = protocol=6 | dir=in | app=e:\gry\steam\steam.exe | "{60D104FD-8A76-4ECA-8844-DDEE317F6C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{668530D9-8923-4A27-A6A5-D0A96880B468}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{68FA6A6B-4437-431F-B217-35C56E548AC1}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{73BFD577-7C1F-4E63-BF3F-89C2CF6EE9AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A36A72-C4E4-4850-92C6-7317EA5C681D}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\dragonage2launcher.exe | "{8579DBAD-0B00-48DD-870D-66876F929AAC}" = protocol=17 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{891A1DB5-0D7B-488A-B0DA-C996F9D66310}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\xrengine.exe | "{8CD9E530-8569-4B5C-BD49-39B22FE142C8}" = protocol=6 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{8EA2CC40-1705-45C1-BA36-B0752078912A}" = protocol=6 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{96F80B77-7148-46C2-A17B-7D777CF9F7C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{9FE8FCEA-219A-4CEC-B3B5-07B7CCED103E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A48BECCF-CB18-42DA-9CF0-4903F65C2404}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\uplaybrowser.exe | "{A74120AC-D850-4FEC-9D1D-B20B9BF65727}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AD59D626-D43F-45DF-B674-DF5EA8DDB124}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE4C480D-827D-4BB8-9550-6DE602EAEC72}" = dir=in | app=e:\programy\skype\phone\skype.exe | "{B4D65F48-3DB8-4FF1-8773-5D4B286705C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7F618AB-AF27-45E3-A20C-7662799FEE43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA0FA441-E99A-4421-B21F-A46DEF06F86C}" = protocol=17 | dir=in | app=e:\gry\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | "{C51CAD0E-2141-4686-9373-E0E6C9DE0148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CE96531A-66A5-4864-B9B7-D99964CC9B04}" = protocol=17 | dir=in | app=e:\gry\steam\steam.exe | "{D30266DC-B828-4F3E-99A4-243E3514572E}" = protocol=6 | dir=in | app=e:\gry\steam\steamapps\common\dota 2 beta\dota.exe | "{D5D97ADE-0579-4AA8-87D3-A1F6D8635C10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D6A3FB9D-9469-470E-B1AD-92FFB58D10FB}" = protocol=6 | dir=in | app=e:\gry\s.t.a.l.k.e.r. 
- clear sky\bin\dedicated\xrengine.exe | "{D753B1BA-5A12-4AF8-BD93-5E87BEA80565}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDBD42A6-1C20-4838-88CA-DECB97300E6B}" = protocol=17 | dir=in | app=e:\gry\dragon age 2\bin_ship\dragonage2.exe | "{DF96CB38-2749-432E-8AE6-3E3874EF2C12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E3F15E8A-B34E-4B9F-8259-69BD5F3C9A16}" = protocol=17 | dir=in | app=e:\gry\rockstar games\grand theft auto iv\launchgtaiv.exe | "{E44F8A62-4C38-4596-818D-418EFCAE6896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5E2E4B3-7C16-49C3-B060-2C806C799DDE}" = protocol=6 | dir=in | app=e:\gry\assassin's creed ii\assassinscreediigame.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08CFAEF6-7D08-9A9B-2089-FC25350C5FF4}" = ccc-utility64 "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9 "{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = 
Microsoft .NET Framework 4 Client Profile PLK Language Pack "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0841A593-C7D8-E4EF-9F26-CA0EE369033C}" = Catalyst Control Center "{1432AA8A-09CC-E585-7FFB-4DC255456A57}" = CCC Help English "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5C56EB7A-A016-E031-525F-C967EF9749B9}" = CCC Help French "{5DA69605-2A7F-6028-8A10-0549F924174E}" = CCC Help Italian "{5F7308C0-56FF-415A-B34C-44A90A892A95}" = Catalyst Control Center - Branding "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6D62F011-4303-8BCC-398D-AE61684880FF}" = CCC Help German "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73F9192E-A60B-47BA-809A-AE07AF507EA7}" = S.T.A.L.K.E.R. - Shadow of Chernobyl "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{7F2D87D4-5152-31B5-D7CF-67E329F6FB94}" = CCC Help Chinese Traditional "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83BE5026-D306-FE60-73D7-C9BCEE0E55E5}" = CCC Help Russian "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B758A3B-0966-A84F-9D2D-42D8025D04B2}" = CCC Help Spanish "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) "{B2F6521E-0207-036B-C0C3-2013BF182F86}" = CCC Help Japanese "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CE6217F3-6072-40E2-9157-A4695C334F8E}" = G Data TotalProtection 2013 "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D0D79D77-2A6C-B156-76AB-C0F93D0A40EB}" = CCC Help Chinese Standard "{D33626D5-3D55-C79B-C372-F1D1734D8025}" = Catalyst Control Center InstallProxy "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{D72FF5C1-0DE5-17C3-F0B8-7C1CBF98C5D5}" = CCC Help Korean "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E976B61A-251E-396A-9724-675C1DDE2C6F}" = Catalyst Control Center Localization All "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EBC8C5A1-7745-419F-B6C6-B0DD87F24D52}" = LogMeIn Hamachi "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AQQ" = WapSter AQQ "AudioCS" = Creative Audio Control Panel "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EVEREST 
Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps (remove only) "HD Tune_is1" = HD Tune 2.55 "Host OpenAL" = Host OpenAL "HotspotShield" = Hotspot Shield 2.78 "Łatka polonizacyjna GTA IV v1.0" = Łatka polonizacyjna GTA IV v1.0 "Mafia II_is1" = Mafia II "Mozilla Firefox 18.0 (x86 pl)" = Mozilla Firefox 18.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OCCT" = OCCT 4.3.2 "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "screenSHU" = screenSHU - the fastest screen capture ever. "SpeedFan" = SpeedFan (remove only) "Steam App 10" = Counter-Strike "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2013-01-12 22:00:34 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:00:34 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-12 22:16:51 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:16:51 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-12 22:16:58 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 11723 Description = Error - 2013-01-12 22:16:58 | Computer Name = Kuba-Komputer | Source = MsiInstaller | ID = 1023 Description = Error - 2013-01-13 05:59:29 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID = 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) nie powiodła się Kod błędu: 1 Error - 2013-01-13 06:00:45 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2013-01-13 11:00:04 | Computer Name = Kuba-Komputer | Source = TSNxGService | ID 
= 131074 Description = G Data TopSecret Inicjalizacja modułu ochrony plików (AFP) nie powiodła się Kod błędu: 1 Error - 2013-01-13 11:01:41 | Computer Name = Kuba-Komputer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2013-01-13 05:59:07 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: %%2 Error - 2013-01-13 05:59:38 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: GLogin Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 06:00:07 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 11:00:00 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LogMeIn Hamachi Tunneling Engine z powodu następującego błędu: %%2 Error - 2013-01-13 11:00:08 | Computer Name = Kuba-Komputer | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: GLogin Error - 2013-01-13 11:00:28 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 11:00:28 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = Error - 2013-01-13 11:00:28 | Computer Name = Kuba-Komputer | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > [/log]
Natsuki Kuga, comment, 13 January 2013

No infection in the logs. To finish up:

1. Uninstall OTL using the Sprzątanie (CleanUp) option, and AdwCleaner via Uninstall.
2. Turn System Restore off and back on: Click

That's all.