x-kom hosting

Komputer łapie "muła"

KruQ
utworzono
utworzono (edytowane)

Witam,
wczoraj założyłem temat na forum w sprawie nieprawidłowej pracy mojego laptopa, znajduje się pod tym linkiem [url="http://www.forumpc.pl/index.php?showtopic=252177"]http://www.forumpc.p...howtopic=252177[/url]
W skrócie, mam laptopa Dell Vostro 3750, proc. Core i5 2410m, 4GB ram, GF gt525m, orginalny win7 home edition. Od roku co prawda nie był formatowany, jest praktycznie od początku chroniony przez Avirę av i Comodo FW. Często łapie muła podczas pracy i wolno reaguje na polecenia, długo ładują się pliki, aplikacje, czy też podczas lekkiej pracy(np. przeglądania internetu) jest wrażenie jakby ciężko pracował. Zużycie procesora i RAM mimo to jest normalne, odpowiednio ok. 1-5% oraz ~35%, a pracuje jakby to zużycie wynosiło ~80-100%. Internet pracuje z raczej normalną prędkością o ile przeglądarka się nie przycina :P Zostałem z tamtego działu skierowany aby umieścić tutaj logi do sprawdzenia, więc serdecznie proszę o sprawdzenie ich :) Oto i one :

- RSIT
[log]info.txt logfile of random's system information tool 1.09 2012-06-28 14:04:30

======Uninstall list======

-->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15
18 Wheels of Steel Across America-->C:\PROGRA~2\18WHEE~1\UNWISE.EXE C:\PROGRA~2\18WHEE~1\INSTALL.LOG
AccelerometerP11-->"C:\Program Files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe" -runfromtemp -l0x0415 -removeonly
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 /remove
Alpha Protocol-->"C:\Program Files (x86)\Alpha Protocol\unins000.exe"
ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x15
Assasins Creed: Revelations-->"C:\Program Files (x86)\Assasins Creed Revelations\unins000.exe"
Auslogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\Auslogics Registry Cleaner\unins000.exe"
Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}
Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52}
Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Civilization V-->"C:\Games\Civilization V\unins000.exe"
Comodo Dragon-->"C:\Program Files (x86)\Comodo\Dragon\uninstall.exe"
Company of Heroes-->MsiExec.exe /X{199E6632-EB28-4F73-AECB-3E192EB92D18}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Daum PotPlayer 1.5.31908.0 Beta PL-->"C:\Program Files (x86)\Daum\PotPlayer\unins001.exe"
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 /remove
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200}
DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200}
Dzielenie i łączenie plików v1.2.2-->"C:\Program Files (x86)\Dzielenie i laczenie plikow\unins000.exe"
FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}
Free Create-Burn ISO Image v2.0-->"C:\Program Files (x86)\Free Create-Burn ISO Image\unins000.exe"
G10 MeetingMan-->"C:\Program Files (x86)\InstallShield Installation Information\{15EF3E93-DBA4-4379-A991-9DD423BF5E10}\setup.exe" -runfromtemp -l0x0415 -removeonly
G10 MeetingMan-->MsiExec.exe /I{15EF3E93-DBA4-4379-A991-9DD423BF5E10}
Gadu-Gadu 7.7-->C:\Program Files (x86)\Gadu-Gadu\Setup.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GTA I-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}\setup.exe" -l0x15
GTA II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8844334E-8D00-464A-837F-0E0E9DC85046}\setup.exe" -l0x15
GTA III-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\setup.exe" -l0x15
GTA London 1969-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}\setup.exe" -l0x15
Heroes of Might and Magic® III-->C:\Windows\IsUn0415.exe -f"C:\Program Files (x86)\3DO\Heroes3\Uninst.isu" -c"C:\Program Files (x86)\3DO\Heroes3\uninst.dll
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 7.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Lion King-->"C:\Program Files (x86)\Lion King\unins000.exe"
Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon 3-->C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe
Media Go-->MsiExec.exe /X{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{86CE1746-9EFF-3C9C-8755-81EA8903AC34}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NAVIGON Fresh 3.4.1-->C:\Program Files (x86)\NAVIGON\NAVIGON Fresh\uninst.exe
Need for Speed™ Most Wanted-->C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nokia PC Internet Access-->C:\ProgramData\Installations\{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}\INSTALLER.EXE
Nokia PC Internet Access-->MsiExec.exe /I{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Odkurzacz 12.6-->"C:\Program Files (x86)\Odkurzacz\unins000.exe"
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05}
Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PhotoShowExpress-->MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B}
PlayStation®Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Pro Evolution Soccer 2012-->"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\unins002.exe"
Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Robin Hood - Legenda Sherwood-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C748279-288D-11D7-928D-00C0CA129740}\setup.exe"
Roxio Activation Module-->MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Burn-->MsiExec.exe /I{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}
Roxio Creator Starter-->C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} /qb
Roxio Creator Starter-->MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF}
Roxio Creator Starter-->MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sanctum DLC Pack-->"C:\Program Files (x86)\Sanctum\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870}
Sony Ericsson PC Companion 2.02.015-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
SopCast 3.5.0-->C:\Program Files (x86)\SopCast\uninst.exe
Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6-->"C:\Program Files (x86)\Testy na Prawo Jazdy - B\unins000.exe"
The Settlers II - Dziesięciolecie-->"C:\Program Files (x86)\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\uninstall.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Usługa Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}
Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
Worms 3D-->C:\Program Files (x86)\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe -runfromtemp -l0x0015 -removeonly

======System event log======

Computer Name: dell
Event Code: 7036
Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania.
Record Number: 66770
Source Name: Service Control Manager
Time Written: 20120115212350.311509-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia.
Record Number: 66769
Source Name: Service Control Manager
Time Written: 20120115211859.127854-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan zatrzymania.
Record Number: 66768
Source Name: Service Control Manager
Time Written: 20120115211820.737659-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia.
Record Number: 66767
Source Name: Service Control Manager
Time Written: 20120115211804.973757-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia.
Record Number: 66766
Source Name: Service Control Manager
Time Written: 20120115211320.664495-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: dell
Event Code: 223
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowych plików dziennika (pliki z zakresu C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log-C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log).
Record Number: 837
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 221
Message: WinMail (4292) WindowsMail0: Kończy się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.
Record Number: 836
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 220
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (rozmiar 2 Mb).
Record Number: 835
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 210
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie pełnej kopii zapasowej.
Record Number: 834
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 102
Message: WinMail (4292) WindowsMail0: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0).
Record Number: 833
Source Name: ESENT
Time Written: 20110627141645.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: dell
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: DELL$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 9

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x2645763
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x23c
Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 24932
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e

Typ logowania: 9

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 24931
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 24930
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: DELL$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 9

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x23c
Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 24929
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x2645719

Typ logowania: 9

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 24928
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"EMC_AUTOPLAY"=C:\Program Files (x86)\Common Files\Roxio Shared\OEM\
"RCAUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\
"BURN_AUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Burn\
"CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\

-----------------EOF-----------------

[/log]

oraz

[log]info.txt logfile of random's system information tool 1.09 2012-06-28 14:04:30

======Uninstall list======

-->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15
18 Wheels of Steel Across America-->C:\PROGRA~2\18WHEE~1\UNWISE.EXE C:\PROGRA~2\18WHEE~1\INSTALL.LOG
AccelerometerP11-->"C:\Program Files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe" -runfromtemp -l0x0415 -removeonly
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 /remove
Alpha Protocol-->"C:\Program Files (x86)\Alpha Protocol\unins000.exe"
ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x15
Assasins Creed: Revelations-->"C:\Program Files (x86)\Assasins Creed Revelations\unins000.exe"
Auslogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\Auslogics Registry Cleaner\unins000.exe"
Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}
Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52}
Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Civilization V-->"C:\Games\Civilization V\unins000.exe"
Comodo Dragon-->"C:\Program Files (x86)\Comodo\Dragon\uninstall.exe"
Company of Heroes-->MsiExec.exe /X{199E6632-EB28-4F73-AECB-3E192EB92D18}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Daum PotPlayer 1.5.31908.0 Beta PL-->"C:\Program Files (x86)\Daum\PotPlayer\unins001.exe"
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 /remove
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200}
DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200}
Dzielenie i łączenie plików v1.2.2-->"C:\Program Files (x86)\Dzielenie i laczenie plikow\unins000.exe"
FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}
Free Create-Burn ISO Image v2.0-->"C:\Program Files (x86)\Free Create-Burn ISO Image\unins000.exe"
G10 MeetingMan-->"C:\Program Files (x86)\InstallShield Installation Information\{15EF3E93-DBA4-4379-A991-9DD423BF5E10}\setup.exe" -runfromtemp -l0x0415 -removeonly
G10 MeetingMan-->MsiExec.exe /I{15EF3E93-DBA4-4379-A991-9DD423BF5E10}
Gadu-Gadu 7.7-->C:\Program Files (x86)\Gadu-Gadu\Setup.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GTA I-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}\setup.exe" -l0x15
GTA II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8844334E-8D00-464A-837F-0E0E9DC85046}\setup.exe" -l0x15
GTA III-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\setup.exe" -l0x15
GTA London 1969-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}\setup.exe" -l0x15
Heroes of Might and Magic® III-->C:\Windows\IsUn0415.exe -f"C:\Program Files (x86)\3DO\Heroes3\Uninst.isu" -c"C:\Program Files (x86)\3DO\Heroes3\uninst.dll
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 7.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Lion King-->"C:\Program Files (x86)\Lion King\unins000.exe"
Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon 3-->C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe
Media Go-->MsiExec.exe /X{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{86CE1746-9EFF-3C9C-8755-81EA8903AC34}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NAVIGON Fresh 3.4.1-->C:\Program Files (x86)\NAVIGON\NAVIGON Fresh\uninst.exe
Need for Speed™ Most Wanted-->C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nokia PC Internet Access-->C:\ProgramData\Installations\{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}\INSTALLER.EXE
Nokia PC Internet Access-->MsiExec.exe /I{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Odkurzacz 12.6-->"C:\Program Files (x86)\Odkurzacz\unins000.exe"
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05}
Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PhotoShowExpress-->MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B}
PlayStation®Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Pro Evolution Soccer 2012-->"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\unins002.exe"
Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Robin Hood - Legenda Sherwood-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C748279-288D-11D7-928D-00C0CA129740}\setup.exe"
Roxio Activation Module-->MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Burn-->MsiExec.exe /I{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}
Roxio Creator Starter-->C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} /qb
Roxio Creator Starter-->MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF}
Roxio Creator Starter-->MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sanctum DLC Pack-->"C:\Program Files (x86)\Sanctum\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP
Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870}
Sony Ericsson PC Companion 2.02.015-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
SopCast 3.5.0-->C:\Program Files (x86)\SopCast\uninst.exe
Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6-->"C:\Program Files (x86)\Testy na Prawo Jazdy - B\unins000.exe"
The Settlers II - Dziesięciolecie-->"C:\Program Files (x86)\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\uninstall.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Usługa Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}
Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
Worms 3D-->C:\Program Files (x86)\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe -runfromtemp -l0x0015 -removeonly

======System event log======

Computer Name: dell
Event Code: 7036
Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania.
Record Number: 66770
Source Name: Service Control Manager
Time Written: 20120115212350.311509-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia.
Record Number: 66769
Source Name: Service Control Manager
Time Written: 20120115211859.127854-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan zatrzymania.
Record Number: 66768
Source Name: Service Control Manager
Time Written: 20120115211820.737659-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia.
Record Number: 66767
Source Name: Service Control Manager
Time Written: 20120115211804.973757-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 7036
Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia.
Record Number: 66766
Source Name: Service Control Manager
Time Written: 20120115211320.664495-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: dell
Event Code: 223
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowych plików dziennika (pliki z zakresu C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log-C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log).
Record Number: 837
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 221
Message: WinMail (4292) WindowsMail0: Kończy się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.
Record Number: 836
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 220
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (rozmiar 2 Mb).
Record Number: 835
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 210
Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie pełnej kopii zapasowej.
Record Number: 834
Source Name: ESENT
Time Written: 20110627141646.000000-000
Event Type: Informacje
User:

Computer Name: dell
Event Code: 102
Message: WinMail (4292) WindowsMail0: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0).
Record Number: 833
Source Name: ESENT
Time Written: 20110627141645.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: dell
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: DELL$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 9

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x2645763
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x23c
Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 24932
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e

Typ logowania: 9

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 24931
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 24930
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: DELL$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 9

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x264573e
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x23c
Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 24929
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

Computer Name: dell
Event Code: 4634
Message: Użytkownik wylogował się z konta.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x2645719

Typ logowania: 9

To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze.
Record Number: 24928
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120114134317.267303-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"EMC_AUTOPLAY"=C:\Program Files (x86)\Common Files\Roxio Shared\OEM\
"RCAUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\
"BURN_AUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Burn\
"CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\

-----------------EOF-----------------

[/log]

i za chwilę dodam z OTL :)
Oto i on:
[log]OTL logfile created on: 2012-06-28 14:25:39 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\KruQ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,92 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 7,32% Memory free
7,83 Gb Paging File | 5,42 Gb Available in Paging File | 69,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,27 Gb Total Space | 164,76 Gb Free Space | 37,09% Space Free | Partition Type: NTFS
Drive D: | 208,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: KruQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-28 14:24:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe
PRC - [2012-06-23 13:15:41 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012-05-11 02:10:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-05-02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011-10-02 14:03:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-09-14 11:11:28 | 002,006,528 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\foobar2000.exe
PRC - [2010-12-29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010-12-21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-06-23 13:15:40 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012-05-11 02:10:23 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-10-15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011-09-20 19:21:14 | 001,457,664 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_input_std.dll
MOD - [2011-09-14 11:11:28 | 002,006,528 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\foobar2000.exe
MOD - [2011-09-14 11:10:12 | 000,276,480 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_dsp_std.dll
MOD - [2011-09-14 11:09:52 | 000,365,056 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_albumlist.dll
MOD - [2011-09-14 11:09:46 | 001,130,496 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_ui_std.dll
MOD - [2011-09-14 11:09:40 | 000,299,008 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_cdda.dll
MOD - [2011-09-14 11:09:32 | 000,480,256 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_converter.dll
MOD - [2011-09-14 11:09:32 | 000,283,136 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_rgscan.dll
MOD - [2011-09-14 11:09:06 | 000,171,008 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_unpack.dll
MOD - [2011-09-14 11:08:24 | 000,275,456 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_fileops.dll
MOD - [2011-09-14 11:07:44 | 000,148,480 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\shared.dll
MOD - [2011-02-19 10:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010-04-21 14:48:00 | 000,066,560 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\zlib1.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-06-14 03:13:46 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2012-03-11 23:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent)
SRV:[b]64bit:[/b] - [2010-12-29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:[b]64bit:[/b] - [2010-12-17 21:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:[b]64bit:[/b] - [2010-12-17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2010-12-17 21:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:[b]64bit:[/b] - [2010-11-29 22:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:[b]64bit:[/b] - [2010-10-07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:[b]64bit:[/b] - [2010-09-23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009-11-18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-06-23 13:15:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-06-12 11:56:48 | 000,412,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012-05-11 02:10:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-10-02 14:03:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-06-29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010-12-21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010-12-21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010-12-14 08:21:30 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010-11-25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010-11-25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010-10-07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012-05-02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012-04-27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012-04-25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012-04-16 22:14:04 | 000,164,736 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-12-09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:[b]64bit:[/b] - [2011-11-15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2011-11-13 06:40:41 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011-10-15 10:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:[b]64bit:[/b] - [2011-10-15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011-08-27 13:30:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-07-08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011-06-28 23:35:40 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:[b]64bit:[/b] - [2011-06-28 23:35:40 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:[b]64bit:[/b] - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011-04-01 05:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2011-03-26 11:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-02-11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2011-02-11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2011-01-13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010-12-22 03:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Sterownik karty Intel®
DRV:[b]64bit:[/b] - [2010-12-14 15:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2010-12-01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010-12-01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:[b]64bit:[/b] - [2010-11-29 22:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:[b]64bit:[/b] - [2010-09-29 20:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:[b]64bit:[/b] - [2010-08-20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:[b]64bit:[/b] - [2010-08-12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:[b]64bit:[/b] - [2010-03-19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2010-02-27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002-07-17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6445FB48-E314-4BA0-AF6E-8D233C4F7F8B}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6445FB48-E314-4BA0-AF6E-8D233C4F7F8B}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLSDF8&pc=MDDS&src=IE-SearchBox"]http://www.bing.com/...rc=IE-SearchBox[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com"]http://www.google.com[/url]
IE - HKLM\..\SearchScopes,DefaultScope = {5DA41502-9DE0-4273-BE2B-CA4217192DFC}
IE - HKLM\..\SearchScopes\{C2DF5935-65B8-4C86-8E3E-A66497195EB5}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLSDF8&pc=MDDS&src=IE-SearchBox"]http://www.bing.com/...rc=IE-SearchBox[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad"]http://www1.euro.del...c=pl&l=pl&s=pad[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url]
IE - HKCU\..\SearchScopes,DefaultScope = {5DA41502-9DE0-4273-BE2B-CA4217192DFC}
IE - HKCU\..\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}: "URL" = [url="http://startsear.ch/?aff=1&q=%7BsearchTerms%7D"]http://startsear.ch/...q={searchTerms}[/url]
IE - HKCU\..\SearchScopes\{73749ED7-DAD2-4C5D-A552-6C1323F37FD8}: "URL" = [url="http://www.ceneo.pl/categories.aspx?search=yes&categoryID=0&searchText=%7BsearchTerms%7D&inDesc=False&minPrice=0&maxPrice=99999999"]http://www.ceneo.pl/...xPrice=99999999[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011-05-22 15:10:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-11 02:10:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-11-13 13:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Extensions
[2012-06-27 22:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\qllexhym.default\extensions
[2012-04-03 22:17:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\qllexhym.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-11-12 05:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\rsr1d28p.default\extensions
[2012-03-24 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-06-02 00:49:06 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\KRUQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLLEXHYM.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012-02-26 21:31:30 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\KRUQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLLEXHYM.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012-05-11 02:10:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-24 15:09:51 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2012-03-24 15:09:51 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2012-03-24 15:09:51 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2012-03-24 15:09:51 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2012-03-24 15:09:51 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-03-24 15:09:51 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} [url="https://www.bph.pl/sezam/components/SignActivX.cab"]https://www.bph.pl/s.../SignActivX.cab[/url] (SignActivX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7DF532-FF23-479C-8A45-A1BC928E5F8F}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97598FB-A613-4029-8EFF-F9B0D32D0ADB}: DhcpNameServer = 212.76.34.50 212.76.34.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97598FB-A613-4029-8EFF-F9B0D32D0ADB}: NameServer = 8.26.56.26,156.154.70.22
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-06-14 01:31:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012-02-04 03:13:24 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2012-01-06 08:46:28 | 000,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0432c779-8436-11e0-8033-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0432c779-8436-11e0-8033-806e6f6e6963}\Shell\AutoRun\command - "" = D:\MT4167.exe -- [2012-01-06 08:46:28 | 002,617,344 | R--- | M] ()
O33 - MountPoints2\{11e5303a-f33a-11e0-9e23-bc77377c2f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{11e5303a-f33a-11e0-9e23-bc77377c2f3a}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{72f3cbb8-a696-11e0-8d17-14feb5ada7b7}\Shell - "" = AutoRun
O33 - MountPoints2\{72f3cbb8-a696-11e0-8d17-14feb5ada7b7}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{fe60b786-d093-11e0-8dd2-bc77377c2f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{fe60b786-d093-11e0-8dd2-bc77377c2f3a}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-28 14:24:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe
[2012-06-28 14:03:39 | 000,000,000 | ---D | C] -- C:\rsit
[2012-06-28 13:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-06-28 00:15:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-06-27 22:49:36 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\Macromedia
[2012-06-27 14:35:26 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Malwarebytes
[2012-06-27 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-06-27 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-06-27 14:34:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-06-27 14:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-06-25 19:58:24 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-25 19:58:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-25 19:58:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-25 19:58:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-25 19:58:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-25 19:58:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-25 19:57:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-25 19:57:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-06-14 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\cache
[2012-06-14 04:32:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-06-14 04:32:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-06-14 04:32:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-06-14 04:32:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-06-14 04:32:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-06-14 04:32:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-06-14 04:32:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-06-14 04:32:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-06-14 04:32:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-06-14 04:32:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-06-14 04:32:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-06-14 04:32:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-06-14 04:32:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-06-14 03:17:14 | 000,000,000 | ---D | C] -- C:\Users\KruQ\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - Polski
[2012-06-14 03:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012-06-14 03:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\Autodesk
[2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012-06-14 03:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012-06-14 03:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2012-06-13 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Autodesk
[2012-06-13 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012-06-13 16:45:49 | 000,357,704 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\styleman.cpl
[2012-06-13 16:45:49 | 000,357,704 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\plotman.cpl
[2012-06-13 16:41:57 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2012-06-13 16:40:06 | 000,045,280 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignIcon.dll
[2012-06-13 16:40:06 | 000,035,040 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExt.dll
[2012-06-13 16:40:06 | 000,016,712 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExtRes.dll
[2012-06-13 16:38:41 | 000,432,864 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignOpt.exe
[2012-06-13 16:36:44 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012-06-13 12:34:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-06-13 12:34:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-06-13 12:34:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-06-13 12:34:08 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-06-13 12:34:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-06-13 12:34:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-06-13 12:34:03 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012-06-13 12:33:53 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012-06-13 12:33:52 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2012-05-31 13:50:48 | 000,000,000 | ---D | C] -- C:\Users\KruQ\Desktop\mar
[2012-05-31 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Avira
[2012-05-31 12:45:18 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012-05-31 12:45:18 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012-05-31 12:45:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012-05-31 12:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012-05-31 12:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-28 14:24:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe
[2012-06-28 14:14:06 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-28 14:02:47 | 000,781,383 | ---- | M] () -- C:\Users\KruQ\Desktop\RSIT.exe
[2012-06-28 13:51:52 | 001,402,880 | ---- | M] () -- C:\Users\KruQ\Desktop\HiJackThis.msi
[2012-06-28 13:37:00 | 000,002,098 | ---- | M] () -- C:\Users\KruQ\Desktop\vba.ini
[2012-06-28 12:27:52 | 001,694,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-28 12:27:52 | 000,749,654 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012-06-28 12:27:52 | 000,663,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-28 12:27:52 | 000,158,540 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012-06-28 12:27:52 | 000,124,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-28 12:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-28 08:59:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-28 08:59:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-28 08:49:55 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-28 00:43:08 | 000,031,744 | ---- | M] () -- C:\Users\KruQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-27 14:25:30 | 000,072,746 | ---- | M] () -- C:\Users\KruQ\Desktop\temp.gif
[2012-06-26 23:07:01 | 007,973,420 | ---- | M] () -- C:\Users\KruQ\AppData\Local\census.cache
[2012-06-26 22:54:44 | 000,145,008 | ---- | M] () -- C:\Users\KruQ\AppData\Local\ars.cache
[2012-06-23 17:35:56 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012-06-23 13:15:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-06-23 13:15:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-06-21 15:01:27 | 000,067,806 | ---- | M] () -- C:\Users\KruQ\Desktop\bilety.pdf
[2012-06-18 10:27:15 | 000,202,553 | ---- | M] () -- C:\Users\KruQ\Desktop\206f118468_5647473_565957794.pdf
[2012-06-17 03:22:47 | 001,670,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-06-14 17:28:51 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Polski.lnk
[2012-06-14 17:28:51 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2012-06-14 11:14:18 | 000,007,613 | ---- | M] () -- C:\Users\KruQ\AppData\Local\Resmon.ResmonCfg
[2012-06-14 09:48:10 | 000,420,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-06-14 03:15:17 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-06-13 16:45:49 | 000,357,704 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\styleman.cpl
[2012-06-13 16:45:49 | 000,357,704 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\plotman.cpl
[2012-06-13 16:41:57 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2012-06-13 16:40:06 | 000,045,280 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignIcon.dll
[2012-06-13 16:40:06 | 000,035,040 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExt.dll
[2012-06-13 16:40:06 | 000,016,712 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExtRes.dll
[2012-06-13 16:38:41 | 000,432,864 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignOpt.exe
[2012-06-03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-06-01 00:17:49 | 000,004,213 | ---- | M] () -- C:\Users\KruQ\Desktop\Dokument.rtf
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-28 14:02:30 | 000,781,383 | ---- | C] () -- C:\Users\KruQ\Desktop\RSIT.exe
[2012-06-28 13:51:39 | 001,402,880 | ---- | C] () -- C:\Users\KruQ\Desktop\HiJackThis.msi
[2012-06-27 14:25:24 | 000,072,746 | ---- | C] () -- C:\Users\KruQ\Desktop\temp.gif
[2012-06-23 17:35:56 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012-06-21 15:02:04 | 000,067,806 | ---- | C] () -- C:\Users\KruQ\Desktop\bilety.pdf
[2012-06-18 10:27:45 | 000,202,553 | ---- | C] () -- C:\Users\KruQ\Desktop\206f118468_5647473_565957794.pdf
[2012-06-14 03:18:26 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk
[2012-06-14 03:15:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-06-14 03:13:05 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Polski.lnk
[2012-05-31 19:26:28 | 000,004,213 | ---- | C] () -- C:\Users\KruQ\Desktop\Dokument.rtf
[2012-03-07 19:33:56 | 000,430,917 | ---- | C] () -- C:\Users\KruQ\Śmiech Karo.mp4
[2012-01-15 09:46:38 | 007,973,420 | ---- | C] () -- C:\Users\KruQ\AppData\Local\census.cache
[2012-01-15 09:41:37 | 000,145,008 | ---- | C] () -- C:\Users\KruQ\AppData\Local\ars.cache
[2012-01-12 06:18:08 | 000,000,036 | ---- | C] () -- C:\Users\KruQ\AppData\Local\housecall.guid.cache
[2011-11-10 23:06:09 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-11-10 23:06:06 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-11-10 23:06:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-11-08 02:00:09 | 000,007,613 | ---- | C] () -- C:\Users\KruQ\AppData\Local\Resmon.ResmonCfg
[2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-10-02 14:03:05 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-10-02 14:02:50 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-08-26 23:13:28 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-08-02 13:23:27 | 000,000,000 | ---- | C] () -- C:\Users\KruQ\AppData\Local\rx_image32.Cache
[2011-07-02 14:47:17 | 001,670,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-02 02:59:58 | 000,031,744 | ---- | C] () -- C:\Users\KruQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-28 21:00:25 | 000,000,883 | ---- | C] () -- C:\Users\KruQ\Nightly.lnk
[2011-05-22 17:21:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011-05-22 17:21:32 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-05-22 17:21:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011-05-22 14:58:10 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll

< End of report >
[/log]
I
[log]OTL Extras logfile created on: 2012-06-28 14:25:39 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\KruQ\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,92 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 7,32% Memory free
7,83 Gb Paging File | 5,42 Gb Available in Paging File | 69,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,27 Gb Total Space | 164,76 Gb Free Space | 37,09% Space Free | Partition Type: NTFS
Drive D: | 208,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: KruQ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PotPlayer.Enqueue] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" /ADD ()
Directory [PotPlayer.Play] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PotPlayer.Enqueue] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" /ADD ()
Directory [PotPlayer.Play] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018D572E-734D-4A65-A18D-D434B1F9BC05}" = rport=139 | protocol=6 | dir=out | app=system |
"{03E2DA39-D5F3-4F90-98C0-01440A91CFC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{04C99855-5E88-49F5-8D0C-2BAB7296CDCE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{10A0DD72-9D91-410E-8073-34C55CA86F76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1439BFD9-5F85-4BB3-8FAA-867E80C6D4BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{14C406DF-FEBA-4120-96D4-42D50E478744}" = rport=2869 | protocol=6 | dir=out | app=system |
"{17928F3F-1779-43D7-98AE-23D8F1F3CE45}" = lport=61116 | protocol=6 | dir=in | name=aktualizacja programu trend micro client/server security agent |
"{1E72ED47-9DFE-45BD-AB62-34BC9FD3D672}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30406BDB-9676-49F3-9A22-1E1EA76BEFAC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3D9B42E7-B820-465C-B99A-4F0BC871DD69}" = lport=61117 | protocol=17 | dir=in | name=nadajnik programu trend micro client/server security agent |
"{4240E19F-7586-45CF-8FB1-9BEF0C8738BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56940392-7E14-4E54-BB54-2AEB241992CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5981A338-012E-47EA-9E9C-C174CB86B212}" = lport=61116 | protocol=6 | dir=in | name=aktualizacja programu trend micro client/server security agent |
"{654F5D92-2BC9-4325-A6DC-AC233F00845B}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{681AC755-8E11-42E8-9CA9-28957D3DA917}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6932DC84-328E-4E6D-949D-DA7AC9058DED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74C34688-E734-4E51-A46D-8FC413D09BD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{77AB06F6-4E36-4467-91B0-1290A419A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AA3284C-1332-4367-A3B8-369C07CB142A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DDD6189-ACF5-4677-AF81-14979389C361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{821564C4-9276-4C73-9C38-82E13F32438B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B09288D-F4D9-486C-892B-D3825A5C9D8C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{92ECDF27-DF4C-4910-ACAA-137D5BA2632B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A370D6F1-EA1F-432A-9B55-FBA3B4A6429A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC835BC4-8A6E-41FE-B026-36563FA7DB94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFFCCB42-3CAF-48D9-8D1E-66E1910A616D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B10DD876-69C6-4B4E-B4F7-2BD9FE2B072F}" = rport=138 | protocol=17 | dir=out | app=system |
"{BF0B9E49-23B4-4386-94EE-F7F2CCEBE1BB}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4CCD57D-06B4-4266-B888-55E7C2A9DB40}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4F8F33F-913B-4D29-A7A8-A3CA45203628}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5526A0A-D17E-447C-8F24-C3892C057CD9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E05ABD65-9F34-4C95-B874-67CE3863D541}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1685A57-7A4D-45FD-9CB6-C148740A68C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6567C3B-882F-409D-85B2-BE4EFAE6F39F}" = lport=138 | protocol=17 | dir=in | app=system |
"{EAAF1552-E16D-4C28-ACC5-982B340A3AF6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EEEBBD48-692C-43F0-B3A6-64A44204D245}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FBCB20C6-B2CE-41AA-BFE9-E677EB666583}" = rport=445 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122DAA8-A30E-417B-B67A-8A7227ABE25D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{094181B4-0B0D-48EE-A722-CEAF73C0CBE6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{0ABAD9CA-2117-4B24-853D-C04942292AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C1D81DE-5ABB-41F2-A2C6-4FDFD38CFC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{11B0755A-78C7-441E-A7AD-D226CEACF41A}" = protocol=6 | dir=in | app=c:\program files (x86)\assasins creed revelations\acrsp.exe |
"{15A922B9-6BEC-4EA0-A9FD-E9808DD84BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{19A5DAB5-E6AC-4C06-9222-BCE179DCA594}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{21C5CD0E-CF09-4E31-BD0E-97E985E7DD8C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{22202F66-ADAD-4DD4-A54D-E66F7CF8D3C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{22AD1A01-90CE-42BC-A4DB-9C09322D937E}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{2BC1B0C2-96AA-48DB-840A-6A7C4E67F702}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E850E28-10D9-45B3-8A8C-965CA34DF74C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31FE1170-F393-4D92-8D51-5D79D39AB410}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{327A8FAC-6FD9-4AF8-9796-90DED4363288}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34E3FD6E-7C3C-4DB3-9B22-2CB45F3B08E7}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{393802A9-E6BF-4D56-959A-2ECAD475E919}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{3EB42DE6-2BD0-46EE-8D52-0187C884E912}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3FDB256C-2822-4737-82FF-983715DDD482}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{488C3382-B389-4728-B37D-C1A7492D0EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{4D83ED97-589F-4655-AE5F-B410709EFEF3}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{58A37649-79BB-4330-A8E1-320FE8ADFBFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{59AA9B73-5661-471E-9A77-08B432446382}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5DC7CAE0-6A9E-4E0F-BD0C-FA29A6BB8E68}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{6678CF18-650A-4663-954C-A98458A275C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D99B845-D398-420F-B659-C816232D2F44}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{76126B67-2903-4990-B42A-1E200FC508D5}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{7AC58381-35C5-4EF2-A281-8EED500F4126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8047AD46-FBB0-40A6-82EE-54914EA44B8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{839020E6-B08A-47A1-9480-C1FE0A76C9D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8528A339-3334-42E4-BBCB-C19E20DF8CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{977358EB-7A31-4B87-8CFD-B0D65213F2C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9879406A-099D-4358-A19E-5D9BDC347B75}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{9B9D9D9D-2926-4802-B80A-ACEF48B8858B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA7A793F-8AF8-45CD-A8A2-A3FD2B19CB6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B0AC412F-60B4-41F2-B426-888F74073A23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B0F7D8ED-5988-4D19-A5AE-5572E02135EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B685CE2B-1D19-47D4-A264-432D8AE9148D}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{C8743540-96F3-4F76-A889-306E949D2DD1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{CBCE07D3-BC72-4B46-B0CC-8B812D601A4D}" = protocol=6 | dir=out | app=system |
"{CE8B8C98-E913-4CF2-BCD8-212993D7B426}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{D06BD50B-EC5F-495E-B798-ADB06D912225}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D2075AA3-0599-4A87-8F7A-F413FE19CD86}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D3CDDED9-F0BC-46BF-8661-0D57CC6C7360}" = protocol=17 | dir=in | app=c:\program files (x86)\assasins creed revelations\acrsp.exe |
"{D41CA7CD-C6BC-4B8A-893C-E7D7B28E1237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB7E2A85-9ABF-4D70-9B61-782E5A082B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E922E825-3040-446D-BEDE-782DF8903FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{EC64C3E8-8A20-4ABA-8D2D-B805598C928A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EE4A3E7F-F003-4CDA-85A5-8AF7658C20D7}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{F0FE846C-918D-43A6-8F32-48EE6CB86725}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F61A48BB-8DE1-4104-B002-2128F2E38AE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F74781FC-B0D8-4C57-803E-07BCF2A467DF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FC6A0AAA-2110-4F8F-A4EC-5407EE006841}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDBB8D12-A40C-4AB4-B0EC-4548B65F5EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFE7DCF0-21C4-4406-AF8A-3EB28625901A}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"TCP Query User{04C0FC60-2453-4556-85BB-0981A4EE7B1C}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{2A47CD1F-C3BF-460F-83D2-5B8B1623B014}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"TCP Query User{53EF4452-3E4B-40BE-816F-E181527E1E5E}C:\program files (x86)\3do\heroes3\heroes3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\3do\heroes3\heroes3.exe |
"TCP Query User{551D2E7F-F5B0-4736-B40D-5A8373C475F1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{642E35C1-526D-4966-A7C7-8F5C0F6120DB}C:\program files (x86)\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\speed.exe |
"TCP Query User{CBC49DC5-DDDB-4176-BF4F-4D8C1F80BDE2}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"TCP Query User{D576772F-04D1-4B45-B979-2E1B796E8839}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{055B6C12-EE84-4290-A359-9036B4204695}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{48B4C62F-0722-436C-BBAA-6BBEB55C3D25}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"UDP Query User{5A3DB3CC-A798-435A-98F1-0482AD154B0E}C:\program files (x86)\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\speed.exe |
"UDP Query User{85945EF6-2071-450C-A484-831BFA3B3791}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"UDP Query User{8EF0DF57-2DA7-40DB-89DC-EA639E9FFB39}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe |
"UDP Query User{93D8A845-3254-4008-8F6A-C9F73921CC32}C:\program files (x86)\3do\heroes3\heroes3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\3do\heroes3\heroes3.exe |
"UDP Query User{BB293EB7-C2B9-48AE-9347-036E5E2E6595}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{5783F2D7-A001-0415-0102-0060B0CE6BBA}" = AutoCAD 2012 - Polski
"{5783F2D7-A001-0415-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Polski
"{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"AutoCAD 2012 - Polski" = AutoCAD 2012 - Polski
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"BlackHawk Web Browser_is1" = BlackHawk Web Browser
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Usługa Autodesk Content Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{15EF3E93-DBA4-4379-A991-9DD423BF5E10}" = G10 MeetingMan
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{38AF69D9-96BA-434D-ABFF-4B58795FC7A7}_is1" = Pro Evolution Soccer 2012
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8844334E-8D00-464A-837F-0E0E9DC85046}" = GTA II
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms 3D
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTA III
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C748279-288D-11D7-928D-00C0CA129740}" = Robin Hood - Legenda Sherwood
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BA9D1E-7F4F-4A2D-82AA-0871EDE6D541}_is1" = Battlefield 3 FURiA wersja 1.0
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}" = Nokia PC Internet Access
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}" = GTA London 1969
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin
"{F428FE7B-7E50-4B34-94E1-B6069C39D610}_is1" = Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}" = GTA I
"18 Wheels of Steel Across America" = 18 Wheels of Steel Across America
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alpha Protocol_is1" = Alpha Protocol
"Assasins Creed: Revelations_is1" = Assasins Creed: Revelations
"Avira AntiVir Desktop" = Avira Free Antivirus
"Civilization V_is1" = Civilization V
"Comodo Dragon" = Comodo Dragon
"DAEMON Tools Lite" = DAEMON Tools Lite
"Daum PotPlayer_is1" = Daum PotPlayer 1.5.31908.0 Beta PL
"Dell Webcam Central" = Dell Webcam Central
"Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2
"foobar2000" = foobar2000 v1.1.8 beta 4
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Gadu-Gadu" = Gadu-Gadu 7.7
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"InstallShield_{15EF3E93-DBA4-4379-A991-9DD423BF5E10}" = G10 MeetingMan
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IT9130 DriverInstaller_11.9.2.1" = IT9130 Driver v11.9.2.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"Lion King_is1" = Lion King
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400
"Maxthon3" = Maxthon 3
"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Nokia PC Internet Access" = Nokia PC Internet Access
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"S2TNG" = The Settlers II - Dziesięciolecie
"Sanctum DLC Pack_is1" = Sanctum DLC Pack
"SopCast" = SopCast 3.5.0
"WinLiveSuite" = Podstawowe programy Windows Live

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Katalog Inter Motors 2011" = Katalog Inter Motors 2011

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-05-31 18:10:55 | Computer Name = dell | Source = CVHSVC | ID = 100
Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}):
DownloadLatest Failed: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego
transferu w tle (BITS) ponowni próbę po podłączeniu karty.

Error - 2012-06-11 04:24:53 | Computer Name = dell | Source = CVHSVC | ID = 100
Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}):
DownloadLatest Failed: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego
transferu w tle (BITS) ponowni próbę po podłączeniu karty.

Error - 2012-06-11 12:28:34 | Computer Name = dell | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: DriverInstall64.exe , wersja: 0.1.5.4,
sygnatura czasowa: 0x4cca2f78 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0,
sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0030002c
Identyfikator
procesu powodującego błąd: 0x3060 Godzina uruchomienia aplikacji powodującej błąd:
0x01cd47eef1506518 Ścieżka aplikacji powodującej błąd: C:\Users\KruQ\AppData\Local\Temp\DriverInstall64.exe
Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 7c7db3f1-b3e2-11e1-99e2-bc77377c2f3a

Error - 2012-06-13 10:56:46 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

Error - 2012-06-13 10:56:52 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

Error - 2012-06-13 10:57:09 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

Error - 2012-06-13 10:57:33 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

Error - 2012-06-13 11:04:09 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

Error - 2012-06-13 11:29:23 | Computer Name = dell | Source = Application Hang | ID = 1002
Description = Program fifa.exe w wersji 1.0.0.0 zatrzymał interakcję z systemem
Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
akcji. Identyfikator procesu: 31fc Godzina rozpoczęcia: 01cd4979058e76a5 Godzina zakończenia:
84 Ścieżka aplikacji: C:\Users\KruQ\Desktop\fifa12\Game\fifa.exe Identyfikator raportu:
6d18feef-b56c-11e1-99e2-bc77377c2f3a

Error - 2012-06-13 19:56:25 | Computer Name = dell | Source = MsiInstaller | ID = 11719
Description =

[ System Events ]
Error - 2012-06-28 04:02:57 | Computer Name = dell | Source = Service Control Manager | ID = 7001
Description = Usługa Application Virtualization Client zależy od usługi Application
Virtualization Service Agent, której nie można uruchomić z powodu następującego
błędu: %%1058

Error - 2012-06-28 04:03:44 | Computer Name = dell | Source = Service Control Manager | ID = 7001
Description = Usługa Application Virtualization Client zależy od usługi Application
Virtualization Service Agent, której nie można uruchomić z powodu następującego
błędu: %%1058

Error - 2012-06-28 04:04:45 | Computer Name = dell | Source = Service Control Manager | ID = 7001
Description = Usługa Application Virtualization Client zależy od usługi Application
Virtualization Service Agent, której nie można uruchomić z powodu następującego
błędu: %%1058

Error - 2012-06-28 04:05:05 | Computer Name = dell | Source = Service Control Manager | ID = 7001
Description = Usługa Application Virtualization Client zależy od usługi Application
Virtualization Service Agent, której nie można uruchomić z powodu następującego
błędu: %%1058

Error - 2012-06-28 04:50:34 | Computer Name = dell | Source = Service Control Manager | ID = 7034
Description = Usługa MBAMService niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1.

Error - 2012-06-28 04:50:42 | Computer Name = dell | Source = Service Control Manager | ID = 7031
Description = Usługa Usługa udostępniania w sieci programu Windows Media Player
niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund
zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error - 2012-06-28 04:50:44 | Computer Name = dell | Source = Service Control Manager | ID = 7034
Description = Usługa Validity VCS Fingerprint Service niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2012-06-28 04:53:54 | Computer Name = dell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka
modułu: C:\Windows\System32\IWMSSvc.dll

Error - 2012-06-28 06:09:05 | Computer Name = dell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN.

Ścieżka
modułu: C:\Windows\System32\IWMSSvc.dll

Error - 2012-06-28 06:53:19 | Computer Name = dell | Source = Service Control Manager | ID = 7034
Description = Usługa Intel(R) Management and Security Application User Notification
Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.


< End of report >

[/log]
i jak to się prezentuje..?

Pozdrawiam, KruQ.

klerzak
komentarz
komentarz

Defragmentowałeś dysk?

KruQ
komentarz
komentarz

Próbowałem, ale z tego co pamiętam był z tym problem i kończyło się na analizie. Zaraz spróbuję jeszcze raz i powiem z jakim efektem.

klerzak
komentarz
komentarz

Ew. ściągnij program HD Tune, po czym w zakładce [Health] sprawdź czy wszystko jest 'OK' w kolumnie [Status], a następnie wejdź w zakładkę [Error Scan] i wykonaj skanowanie dysku. Rzecz jasna podziel się tutaj wynikiem :)

wirusolog
komentarz
komentarz (edytowane)

W logach nie widać niczego podejrzanego. Mała korekta po pustych plikach + usunięcie wpisu przeglądarkowego.

[quote]
HD Tune, po czym w zakładce [Health] sprawdź czy wszystko jest 'OK' w kolumnie [Status],
[/quote]
Te swoje cudne rady zachowaj dla siebie. Nie analizuje się SMART po komunikacie ,,OK" tylko po wartościach atrybutów. Tak więc zamilcz.

[hr]

[b]1.[/b] Uruchom OTL i w sekcji [b]Własne opcje skanowania / skrypt[/b] wklej:

[code]:OTL
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}]

:Files
C:\Windows\tasks\Adobe Flash Player Updater.job
c:\Program Files (x86)\Trend Micro

:Commands
[emptytemp][/code]
Klik w [b]Wykonaj skrypt[/b]. Nastąpi restart systemu. Po restarcie zostanie pokazany raport z czyszczenia - pokaż Nam go.

KruQ
komentarz
komentarz

Ok, skończy się defragmentacja, zrobię to i podzielę się raportem :)

Troszkę późno, ale sesja i czasu nie było :)

Mam nadzieję że chodzi o ten:


[log]All processes killed
========== OTL ==========
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ .
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ scheduled to be deleted on reboot.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ .
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}\ not found.
========== FILES ==========
File move failed. C:\Windows\tasks\Adobe Flash Player Updater.job scheduled to be moved on reboot.
c:\Program Files (x86)\Trend Micro\HiJackThis folder moved successfully.
c:\Program Files (x86)\Trend Micro folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KruQ
->Temp folder emptied: 188706824 bytes
->Temporary Internet Files folder emptied: 4980583417 bytes
->Java cache emptied: 426320 bytes
->FireFox cache emptied: 111095724 bytes
->Opera cache emptied: 28431761 bytes
->Flash cache emptied: 2467 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92469112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 467953 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5 154,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07042012_142438

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...[/log]

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.