KruQ utworzono 28 czerwca 2012 utworzono 28 czerwca 2012 (edytowane) Witam, wczoraj założyłem temat na forum w sprawie nieprawidłowej pracy mojego laptopa, znajduje się pod tym linkiem [url="http://www.forumpc.pl/index.php?showtopic=252177"]http://www.forumpc.p...howtopic=252177[/url] W skrócie, mam laptopa Dell Vostro 3750, proc. Core i5 2410m, 4GB ram, GF gt525m, orginalny win7 home edition. Od roku co prawda nie był formatowany, jest praktycznie od początku chroniony przez Avirę av i Comodo FW. Często łapie muła podczas pracy i wolno reaguje na polecenia, długo ładują się pliki, aplikacje, czy też podczas lekkiej pracy(np. przeglądania internetu) jest wrażenie jakby ciężko pracował. Zużycie procesora i RAM mimo to jest normalne, odpowiednio ok. 1-5% oraz ~35%, a pracuje jakby to zużycie wynosiło ~80-100%. Internet pracuje z raczej normalną prędkością o ile przeglądarka się nie przycina Zostałem z tamtego działu skierowany aby umieścić tutaj logi do sprawdzenia, więc serdecznie proszę o sprawdzenie ich Oto i one : - RSIT [log]info.txt logfile of random's system information tool 1.09 2012-06-28 14:04:30 ======Uninstall list====== -->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 18 Wheels of Steel Across America-->C:\PROGRA~2\18WHEE~1\UNWISE.EXE C:\PROGRA~2\18WHEE~1\INSTALL.LOG AccelerometerP11-->"C:\Program Files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe" -runfromtemp -l0x0415 -removeonly Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin Adobe Reader X (10.1.0) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 /remove Alpha Protocol-->"C:\Program Files (x86)\Alpha Protocol\unins000.exe" ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x15 Assasins Creed: Revelations-->"C:\Program Files (x86)\Assasins Creed Revelations\unins000.exe" Auslogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\Auslogics Registry Cleaner\unins000.exe" Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E} Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52} Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE Civilization V-->"C:\Games\Civilization V\unins000.exe" Comodo Dragon-->"C:\Program Files (x86)\Comodo\Dragon\uninstall.exe" Company of Heroes-->MsiExec.exe /X{199E6632-EB28-4F73-AECB-3E192EB92D18} Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9} CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Daum PotPlayer 1.5.31908.0 Beta PL-->"C:\Program Files (x86)\Daum\PotPlayer\unins001.exe" Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 /remove DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1} DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200} DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200} Dzielenie i łączenie plików v1.2.2-->"C:\Program Files (x86)\Dzielenie i laczenie plikow\unins000.exe" FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C} Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7} Free Create-Burn ISO Image v2.0-->"C:\Program Files (x86)\Free Create-Burn ISO Image\unins000.exe" G10 MeetingMan-->"C:\Program Files (x86)\InstallShield Installation Information\{15EF3E93-DBA4-4379-A991-9DD423BF5E10}\setup.exe" -runfromtemp -l0x0415 -removeonly G10 MeetingMan-->MsiExec.exe /I{15EF3E93-DBA4-4379-A991-9DD423BF5E10} Gadu-Gadu 7.7-->C:\Program Files (x86)\Gadu-Gadu\Setup.exe Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} GTA I-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}\setup.exe" -l0x15 GTA II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8844334E-8D00-464A-837F-0E0E9DC85046}\setup.exe" -l0x15 GTA III-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\setup.exe" -l0x15 GTA London 1969-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}\setup.exe" -l0x15 Heroes of Might and Magic® III-->C:\Windows\IsUn0415.exe -f"C:\Program Files (x86)\3DO\Heroes3\Uninst.isu" -c"C:\Program Files (x86)\3DO\Heroes3\uninst.dll HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8} Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Codec Pack 7.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Lion King-->"C:\Program Files (x86)\Lion King\unins000.exe" Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Maxthon 3-->C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe Media Go-->MsiExec.exe /X{167A1F6A-9BF2-4B24-83DB-C6D659F680EA} Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{86CE1746-9EFF-3C9C-8755-81EA8903AC34} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NAVIGON Fresh 3.4.1-->C:\Program Files (x86)\NAVIGON\NAVIGON Fresh\uninst.exe Need for Speed™ Most Wanted-->C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D} Nokia PC Internet Access-->C:\ProgramData\Installations\{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}\INSTALLER.EXE Nokia PC Internet Access-->MsiExec.exe /I{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B} NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask Odkurzacz 12.6-->"C:\Program Files (x86)\Odkurzacz\unins000.exe" OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05} Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall PhotoShowExpress-->MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B} PlayStation®Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66} PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7} Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1} Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Pro Evolution Soccer 2012-->"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\unins002.exe" Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe" Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 Robin Hood - Legenda Sherwood-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C748279-288D-11D7-928D-00C0CA129740}\setup.exe" Roxio Activation Module-->MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C} Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7} Roxio Burn-->MsiExec.exe /I{7746BFAA-2B5D-4FFD-A0E8-4558F4668105} Roxio Creator Starter-->C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} /qb Roxio Creator Starter-->MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF} Roxio Creator Starter-->MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sanctum DLC Pack-->"C:\Program Files (x86)\Sanctum\unins000.exe" Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A} Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870} Sony Ericsson PC Companion 2.02.015-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly SopCast 3.5.0-->C:\Program Files (x86)\SopCast\uninst.exe Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6-->"C:\Program Files (x86)\Testy na Prawo Jazdy - B\unins000.exe" The Settlers II - Dziesięciolecie-->"C:\Program Files (x86)\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\uninstall.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended Usługa Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7} Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80} Worms 3D-->C:\Program Files (x86)\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe -runfromtemp -l0x0015 -removeonly ======System event log====== Computer Name: dell Event Code: 7036 Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania. Record Number: 66770 Source Name: Service Control Manager Time Written: 20120115212350.311509-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia. Record Number: 66769 Source Name: Service Control Manager Time Written: 20120115211859.127854-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan zatrzymania. Record Number: 66768 Source Name: Service Control Manager Time Written: 20120115211820.737659-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia. Record Number: 66767 Source Name: Service Control Manager Time Written: 20120115211804.973757-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia. Record Number: 66766 Source Name: Service Control Manager Time Written: 20120115211320.664495-000 Event Type: Informacje User: =====Application event log===== Computer Name: dell Event Code: 223 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowych plików dziennika (pliki z zakresu C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log-C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log). Record Number: 837 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 221 Message: WinMail (4292) WindowsMail0: Kończy się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore. Record Number: 836 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 220 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (rozmiar 2 Mb). Record Number: 835 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 210 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie pełnej kopii zapasowej. Record Number: 834 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 102 Message: WinMail (4292) WindowsMail0: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0). Record Number: 833 Source Name: ESENT Time Written: 20110627141645.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: dell Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DELL$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 9 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x2645763 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x23c Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 24932 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4634 Message: Użytkownik wylogował się z konta. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Typ logowania: 9 To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze. Record Number: 24931 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 24930 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DELL$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 9 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x23c Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 24929 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4634 Message: Użytkownik wylogował się z konta. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x2645719 Typ logowania: 9 To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze. Record Number: 24928 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "EMC_AUTOPLAY"=C:\Program Files (x86)\Common Files\Roxio Shared\OEM\ "RCAUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\ "BURN_AUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Burn\ "CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ "ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ -----------------EOF----------------- [/log] oraz [log]info.txt logfile of random's system information tool 1.09 2012-06-28 14:04:30 ======Uninstall list====== -->MsiExec /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 18 Wheels of Steel Across America-->C:\PROGRA~2\18WHEE~1\UNWISE.EXE C:\PROGRA~2\18WHEE~1\INSTALL.LOG AccelerometerP11-->"C:\Program Files (x86)\InstallShield Installation Information\{87434D51-51DB-4109-B68F-A829ECDCF380}\setup.exe" -runfromtemp -l0x0415 -removeonly Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin Adobe Reader X (10.1.0) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x15 /remove Alpha Protocol-->"C:\Program Files (x86)\Alpha Protocol\unins000.exe" ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x15 Assasins Creed: Revelations-->"C:\Program Files (x86)\Assasins Creed Revelations\unins000.exe" Auslogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\Auslogics Registry Cleaner\unins000.exe" Autodesk Material Library 2012-->MsiExec.exe /I{8F0837C2-EE09-4903-88F3-1976FE7FFF4E} Autodesk Material Library Base Resolution Image Library 2012-->MsiExec.exe /I{65420DC9-306E-4371-905F-F4DC3B418E52} Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE Civilization V-->"C:\Games\Civilization V\unins000.exe" Comodo Dragon-->"C:\Program Files (x86)\Comodo\Dragon\uninstall.exe" Company of Heroes-->MsiExec.exe /X{199E6632-EB28-4F73-AECB-3E192EB92D18} Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9} CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Daum PotPlayer 1.5.31908.0 Beta PL-->"C:\Program Files (x86)\Daum\PotPlayer\unins001.exe" Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x15 /remove DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1} DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200} DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200} Dzielenie i łączenie plików v1.2.2-->"C:\Program Files (x86)\Dzielenie i laczenie plikow\unins000.exe" FARO LS 1.1.406.58-->MsiExec.exe /I{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C} Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych-->MsiExec.exe /I{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7} Free Create-Burn ISO Image v2.0-->"C:\Program Files (x86)\Free Create-Burn ISO Image\unins000.exe" G10 MeetingMan-->"C:\Program Files (x86)\InstallShield Installation Information\{15EF3E93-DBA4-4379-A991-9DD423BF5E10}\setup.exe" -runfromtemp -l0x0415 -removeonly G10 MeetingMan-->MsiExec.exe /I{15EF3E93-DBA4-4379-A991-9DD423BF5E10} Gadu-Gadu 7.7-->C:\Program Files (x86)\Gadu-Gadu\Setup.exe Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431} GTA I-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}\setup.exe" -l0x15 GTA II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8844334E-8D00-464A-837F-0E0E9DC85046}\setup.exe" -l0x15 GTA III-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\setup.exe" -l0x15 GTA London 1969-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}\setup.exe" -l0x15 Heroes of Might and Magic® III-->C:\Windows\IsUn0415.exe -f"C:\Program Files (x86)\3DO\Heroes3\Uninst.isu" -c"C:\Program Files (x86)\3DO\Heroes3\uninst.dll HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8} Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} K-Lite Codec Pack 7.9.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" Lion King-->"C:\Program Files (x86)\Lion King\unins000.exe" Malwarebytes Anti-Malware wersja 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Maxthon 3-->C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe Media Go-->MsiExec.exe /X{167A1F6A-9BF2-4B24-83DB-C6D659F680EA} Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E} Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE} Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{86CE1746-9EFF-3C9C-8755-81EA8903AC34} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NAVIGON Fresh 3.4.1-->C:\Program Files (x86)\NAVIGON\NAVIGON Fresh\uninst.exe Need for Speed™ Most Wanted-->C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D} Nokia PC Internet Access-->C:\ProgramData\Installations\{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}\INSTALLER.EXE Nokia PC Internet Access-->MsiExec.exe /I{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B} NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly NVIDIA PhysX-->MsiExec.exe /X{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4} NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask Odkurzacz 12.6-->"C:\Program Files (x86)\Odkurzacz\unins000.exe" OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05} Opera 11.64-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall PhotoShowExpress-->MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B} PlayStation®Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66} PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7} Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1} Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383} Pro Evolution Soccer 2012-->"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\unins002.exe" Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe" Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 Robin Hood - Legenda Sherwood-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9C748279-288D-11D7-928D-00C0CA129740}\setup.exe" Roxio Activation Module-->MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C} Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7} Roxio Burn-->MsiExec.exe /I{7746BFAA-2B5D-4FFD-A0E8-4558F4668105} Roxio Creator Starter-->C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} /qb Roxio Creator Starter-->MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF} Roxio Creator Starter-->MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sanctum DLC Pack-->"C:\Program Files (x86)\Sanctum\unins000.exe" Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientLP Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientLP Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A} Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870} Sony Ericsson PC Companion 2.02.015-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly SopCast 3.5.0-->C:\Program Files (x86)\SopCast\uninst.exe Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6-->"C:\Program Files (x86)\Testy na Prawo Jazdy - B\unins000.exe" The Settlers II - Dziesięciolecie-->"C:\Program Files (x86)\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\uninstall.exe" Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended Usługa Autodesk Content Service-->MsiExec.exe /X{086F9A69-CD39-4893-A9FB-D3A0634CE3F7} Wiedźmin-->"C:\Program Files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0015 -removeonly Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30} Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A} Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48} Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA} Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76} Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80} Worms 3D-->C:\Program Files (x86)\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe -runfromtemp -l0x0015 -removeonly ======System event log====== Computer Name: dell Event Code: 7036 Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania. Record Number: 66770 Source Name: Service Control Manager Time Written: 20120115212350.311509-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia. Record Number: 66769 Source Name: Service Control Manager Time Written: 20120115211859.127854-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan zatrzymania. Record Number: 66768 Source Name: Service Control Manager Time Written: 20120115211820.737659-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Użytkowanie aplikacji weszła w stan uruchomienia. Record Number: 66767 Source Name: Service Control Manager Time Written: 20120115211804.973757-000 Event Type: Informacje User: Computer Name: dell Event Code: 7036 Message: Usługa Harmonogram klas multimediów weszła w stan uruchomienia. Record Number: 66766 Source Name: Service Control Manager Time Written: 20120115211320.664495-000 Event Type: Informacje User: =====Application event log===== Computer Name: dell Event Code: 223 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowych plików dziennika (pliki z zakresu C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log-C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\edb00001.log). Record Number: 837 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 221 Message: WinMail (4292) WindowsMail0: Kończy się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore. Record Number: 836 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 220 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie kopii zapasowej pliku C:\Users\KruQ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (rozmiar 2 Mb). Record Number: 835 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 210 Message: WinMail (4292) WindowsMail0: Rozpoczyna się tworzenie pełnej kopii zapasowej. Record Number: 834 Source Name: ESENT Time Written: 20110627141646.000000-000 Event Type: Informacje User: Computer Name: dell Event Code: 102 Message: WinMail (4292) WindowsMail0: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0). Record Number: 833 Source Name: ESENT Time Written: 20110627141645.000000-000 Event Type: Informacje User: =====Security event log===== Computer Name: dell Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DELL$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 9 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x2645763 Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x23c Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 24932 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4634 Message: Użytkownik wylogował się z konta. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Typ logowania: 9 To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze. Record Number: 24931 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4672 Message: Przypisano specjalne uprawnienia do nowego logowania. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Uprawnienia: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 24930 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4624 Message: Użytkownik pomyślnie zalogował się na koncie. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: DELL$ Domena konta: WORKGROUP Identyfikator logowania: 0x3e7 Typ logowania: 9 Nowe logowanie: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x264573e Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000} Informacje o procesie: Identyfikator procesu: 0x23c Nazwa procesu: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe Informacje o sieci: Nazwa stacji roboczej: Adres źródłowy sieci: - Port źródłowy: - Szczegółowe informacje o uwierzytelnianiu: Proces logowania: Advapi Pakiet uwierzytelniania: Negotiate Usługi przejściowe: - Nazwa pakietu (tylko NTLM): - Długość klucza: 0 To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp. Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe. Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe). Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane. Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta. Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania. - Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy. - Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. - Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty. - Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0. Record Number: 24929 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: Computer Name: dell Event Code: 4634 Message: Użytkownik wylogował się z konta. Podmiot: Identyfikator zabezpieczeń: S-1-5-18 Nazwa konta: SYSTEM Domena konta: ZARZĄDZANIE NT Identyfikator logowania: 0x2645719 Typ logowania: 9 To zdarzenie jest generowane w przypadku zniszczenia sesji logowania. Można je jednoznacznie skorelować ze zdarzeniem logowania przy użyciu wartości identyfikatora logowania. Identyfikatory logowania są unikatowe tylko między ponownymi rozruchami na tym samym komputerze. Record Number: 24928 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120114134317.267303-000 Event Type: Sukcesy inspekcji User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "EMC_AUTOPLAY"=C:\Program Files (x86)\Common Files\Roxio Shared\OEM\ "RCAUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\ "BURN_AUTOPLAY"=C:\Program Files (x86)\Roxio\OEM\Roxio Burn\ "CM2012DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ "ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\ -----------------EOF----------------- [/log] i za chwilę dodam z OTL Oto i on: [log]OTL logfile created on: 2012-06-28 14:25:39 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\KruQ\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,92 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 7,32% Memory free 7,83 Gb Paging File | 5,42 Gb Available in Paging File | 69,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444,27 Gb Total Space | 164,76 Gb Free Space | 37,09% Space Free | Partition Type: NTFS Drive D: | 208,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DELL | User Name: KruQ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-28 14:24:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe PRC - [2012-06-23 13:15:41 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012-05-11 02:10:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012-05-02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011-10-02 14:03:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-09-14 11:11:28 | 002,006,528 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\foobar2000.exe PRC - [2010-12-29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe PRC - [2010-12-21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-23 13:15:40 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012-05-11 02:10:23 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011-10-15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011-09-20 19:21:14 | 001,457,664 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_input_std.dll MOD - [2011-09-14 11:11:28 | 002,006,528 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\foobar2000.exe MOD - [2011-09-14 11:10:12 | 000,276,480 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_dsp_std.dll MOD - [2011-09-14 11:09:52 | 000,365,056 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_albumlist.dll MOD - [2011-09-14 11:09:46 | 001,130,496 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_ui_std.dll MOD - [2011-09-14 11:09:40 | 000,299,008 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_cdda.dll MOD - [2011-09-14 11:09:32 | 000,480,256 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_converter.dll MOD - [2011-09-14 11:09:32 | 000,283,136 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_rgscan.dll MOD - [2011-09-14 11:09:06 | 000,171,008 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_unpack.dll MOD - [2011-09-14 11:08:24 | 000,275,456 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\components\foo_fileops.dll MOD - [2011-09-14 11:07:44 | 000,148,480 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\shared.dll MOD - [2011-02-19 10:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010-04-21 14:48:00 | 000,066,560 | ---- | M] () -- C:\Users\KruQ\Desktop\foobar2000\zlib1.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012-06-14 03:13:46 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2012-03-11 23:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent) SRV:[b]64bit:[/b] - [2010-12-29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV:[b]64bit:[/b] - [2010-12-17 21:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:[b]64bit:[/b] - [2010-12-17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2010-12-17 21:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:[b]64bit:[/b] - [2010-11-29 22:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel® SRV:[b]64bit:[/b] - [2010-10-07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:[b]64bit:[/b] - [2010-09-23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2009-11-18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012-06-23 13:15:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-06-12 11:56:48 | 000,412,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater) SRV - [2012-05-11 02:10:23 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-05-02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012-05-02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011-10-02 14:03:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011-06-29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010-12-21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010-12-21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010-12-14 08:21:30 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010-11-25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010-11-25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010-10-07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012-05-02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:[b]64bit:[/b] - [2012-04-27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2012-04-25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2012-04-16 22:14:04 | 000,164,736 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA) DRV:[b]64bit:[/b] - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-12-09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:[b]64bit:[/b] - [2011-11-15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:[b]64bit:[/b] - [2011-11-13 06:40:41 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:[b]64bit:[/b] - [2011-10-15 10:53:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt) DRV:[b]64bit:[/b] - [2011-10-15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2011-08-27 13:30:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2011-07-08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2011-06-28 23:35:40 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:[b]64bit:[/b] - [2011-06-28 23:35:40 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:[b]64bit:[/b] - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-04-01 05:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:[b]64bit:[/b] - [2011-03-26 11:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-02-11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2011-02-11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2011-01-13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-12-22 03:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Sterownik karty Intel® DRV:[b]64bit:[/b] - [2010-12-14 15:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2010-12-01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010-12-01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:[b]64bit:[/b] - [2010-11-29 22:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:[b]64bit:[/b] - [2010-09-29 20:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:[b]64bit:[/b] - [2010-08-20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:[b]64bit:[/b] - [2010-08-12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2010-03-19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2010-02-27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002-07-17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6445FB48-E314-4BA0-AF6E-8D233C4F7F8B} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6445FB48-E314-4BA0-AF6E-8D233C4F7F8B}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLSDF8&pc=MDDS&src=IE-SearchBox"]http://www.bing.com/...rc=IE-SearchBox[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKLM\..\SearchScopes,DefaultScope = {5DA41502-9DE0-4273-BE2B-CA4217192DFC} IE - HKLM\..\SearchScopes\{C2DF5935-65B8-4C86-8E3E-A66497195EB5}: "URL" = [url="http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLSDF8&pc=MDDS&src=IE-SearchBox"]http://www.bing.com/...rc=IE-SearchBox[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www1.euro.dell.com/content/default.aspx?c=pl&l=pl&s=pad"]http://www1.euro.del...c=pl&l=pl&s=pad[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.onet.pl/"]http://www.onet.pl/[/url] IE - HKCU\..\SearchScopes,DefaultScope = {5DA41502-9DE0-4273-BE2B-CA4217192DFC} IE - HKCU\..\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}: "URL" = [url="http://startsear.ch/?aff=1&q=%7BsearchTerms%7D"]http://startsear.ch/...q={searchTerms}[/url] IE - HKCU\..\SearchScopes\{73749ED7-DAD2-4C5D-A552-6C1323F37FD8}: "URL" = [url="http://www.ceneo.pl/categories.aspx?search=yes&categoryID=0&searchText=%7BsearchTerms%7D&inDesc=False&minPrice=0&maxPrice=99999999"]http://www.ceneo.pl/...xPrice=99999999[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.onet.pl" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011-05-22 15:10:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-11 02:10:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-11-13 13:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Extensions [2012-06-27 22:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\qllexhym.default\extensions [2012-04-03 22:17:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\qllexhym.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-11-12 05:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KruQ\AppData\Roaming\mozilla\Firefox\Profiles\rsr1d28p.default\extensions [2012-03-24 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-06-02 00:49:06 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\KRUQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLLEXHYM.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012-02-26 21:31:30 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\KRUQ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLLEXHYM.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012-05-11 02:10:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-03-24 15:09:51 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-24 15:09:51 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-03-24 15:09:51 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-03-24 15:09:51 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-03-24 15:09:51 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-03-24 15:09:51 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} [url="https://www.bph.pl/sezam/components/SignActivX.cab"]https://www.bph.pl/s.../SignActivX.cab[/url] (SignActivX Control) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.34.50 212.76.34.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7DF532-FF23-479C-8A45-A1BC928E5F8F}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97598FB-A613-4029-8EFF-F9B0D32D0ADB}: DhcpNameServer = 212.76.34.50 212.76.34.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97598FB-A613-4029-8EFF-F9B0D32D0ADB}: NameServer = 8.26.56.26,156.154.70.22 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\tmpx - No CLSID value found O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-06-14 01:31:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012-02-04 03:13:24 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2012-01-06 08:46:28 | 000,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0432c779-8436-11e0-8033-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0432c779-8436-11e0-8033-806e6f6e6963}\Shell\AutoRun\command - "" = D:\MT4167.exe -- [2012-01-06 08:46:28 | 002,617,344 | R--- | M] () O33 - MountPoints2\{11e5303a-f33a-11e0-9e23-bc77377c2f3a}\Shell - "" = AutoRun O33 - MountPoints2\{11e5303a-f33a-11e0-9e23-bc77377c2f3a}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{72f3cbb8-a696-11e0-8d17-14feb5ada7b7}\Shell - "" = AutoRun O33 - MountPoints2\{72f3cbb8-a696-11e0-8d17-14feb5ada7b7}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe O33 - MountPoints2\{fe60b786-d093-11e0-8dd2-bc77377c2f3a}\Shell - "" = AutoRun O33 - MountPoints2\{fe60b786-d093-11e0-8dd2-bc77377c2f3a}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-28 14:24:09 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe [2012-06-28 14:03:39 | 000,000,000 | ---D | C] -- C:\rsit [2012-06-28 13:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012-06-28 00:15:20 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012-06-27 22:49:36 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\Macromedia [2012-06-27 14:35:26 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Malwarebytes [2012-06-27 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-06-27 14:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-06-27 14:34:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-06-27 14:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-06-25 19:58:24 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012-06-25 19:58:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012-06-25 19:58:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012-06-25 19:58:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012-06-25 19:58:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012-06-25 19:58:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012-06-25 19:57:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012-06-25 19:57:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012-06-14 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\cache [2012-06-14 04:32:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012-06-14 04:32:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012-06-14 04:32:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012-06-14 04:32:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012-06-14 04:32:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012-06-14 04:32:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012-06-14 04:32:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012-06-14 04:32:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012-06-14 04:32:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012-06-14 04:32:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012-06-14 04:32:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012-06-14 04:32:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012-06-14 04:32:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012-06-14 03:17:14 | 000,000,000 | ---D | C] -- C:\Users\KruQ\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - Polski [2012-06-14 03:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012-06-14 03:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Local\Autodesk [2012-06-14 03:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2012-06-14 03:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2012-06-14 03:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012-06-13 16:54:48 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Autodesk [2012-06-13 16:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012-06-13 16:45:49 | 000,357,704 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\styleman.cpl [2012-06-13 16:45:49 | 000,357,704 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\plotman.cpl [2012-06-13 16:41:57 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll [2012-06-13 16:40:06 | 000,045,280 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignIcon.dll [2012-06-13 16:40:06 | 000,035,040 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExt.dll [2012-06-13 16:40:06 | 000,016,712 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExtRes.dll [2012-06-13 16:38:41 | 000,432,864 | ---- | C] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignOpt.exe [2012-06-13 16:36:44 | 000,000,000 | ---D | C] -- C:\Autodesk [2012-06-13 12:34:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012-06-13 12:34:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012-06-13 12:34:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012-06-13 12:34:08 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012-06-13 12:34:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012-06-13 12:34:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012-06-13 12:34:03 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012-06-13 12:33:53 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012-06-13 12:33:52 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2012-06-11 18:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast [2012-05-31 13:50:48 | 000,000,000 | ---D | C] -- C:\Users\KruQ\Desktop\mar [2012-05-31 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\KruQ\AppData\Roaming\Avira [2012-05-31 12:45:18 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012-05-31 12:45:18 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012-05-31 12:45:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012-05-31 12:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012-05-31 12:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-28 14:24:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\KruQ\Desktop\OTL.exe [2012-06-28 14:14:06 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-06-28 14:02:47 | 000,781,383 | ---- | M] () -- C:\Users\KruQ\Desktop\RSIT.exe [2012-06-28 13:51:52 | 001,402,880 | ---- | M] () -- C:\Users\KruQ\Desktop\HiJackThis.msi [2012-06-28 13:37:00 | 000,002,098 | ---- | M] () -- C:\Users\KruQ\Desktop\vba.ini [2012-06-28 12:27:52 | 001,694,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-06-28 12:27:52 | 000,749,654 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012-06-28 12:27:52 | 000,663,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-06-28 12:27:52 | 000,158,540 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012-06-28 12:27:52 | 000,124,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-06-28 12:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-06-28 08:59:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-06-28 08:59:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-06-28 08:49:55 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2012-06-28 00:43:08 | 000,031,744 | ---- | M] () -- C:\Users\KruQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-06-27 14:25:30 | 000,072,746 | ---- | M] () -- C:\Users\KruQ\Desktop\temp.gif [2012-06-26 23:07:01 | 007,973,420 | ---- | M] () -- C:\Users\KruQ\AppData\Local\census.cache [2012-06-26 22:54:44 | 000,145,008 | ---- | M] () -- C:\Users\KruQ\AppData\Local\ars.cache [2012-06-23 17:35:56 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012-06-23 13:15:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012-06-23 13:15:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012-06-21 15:01:27 | 000,067,806 | ---- | M] () -- C:\Users\KruQ\Desktop\bilety.pdf [2012-06-18 10:27:15 | 000,202,553 | ---- | M] () -- C:\Users\KruQ\Desktop\206f118468_5647473_565957794.pdf [2012-06-17 03:22:47 | 001,670,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-06-14 17:28:51 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Polski.lnk [2012-06-14 17:28:51 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk [2012-06-14 11:14:18 | 000,007,613 | ---- | M] () -- C:\Users\KruQ\AppData\Local\Resmon.ResmonCfg [2012-06-14 09:48:10 | 000,420,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-06-14 03:15:17 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012-06-13 16:45:49 | 000,357,704 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\styleman.cpl [2012-06-13 16:45:49 | 000,357,704 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\plotman.cpl [2012-06-13 16:41:57 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll [2012-06-13 16:40:06 | 000,045,280 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignIcon.dll [2012-06-13 16:40:06 | 000,035,040 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExt.dll [2012-06-13 16:40:06 | 000,016,712 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignExtRes.dll [2012-06-13 16:38:41 | 000,432,864 | ---- | M] (Autodesk, Inc.) -- C:\Windows\SysNative\AcSignOpt.exe [2012-06-03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012-06-03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012-06-03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012-06-03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012-06-03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012-06-03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012-06-02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012-06-02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012-06-01 00:17:49 | 000,004,213 | ---- | M] () -- C:\Users\KruQ\Desktop\Dokument.rtf [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-28 14:02:30 | 000,781,383 | ---- | C] () -- C:\Users\KruQ\Desktop\RSIT.exe [2012-06-28 13:51:39 | 001,402,880 | ---- | C] () -- C:\Users\KruQ\Desktop\HiJackThis.msi [2012-06-27 14:25:24 | 000,072,746 | ---- | C] () -- C:\Users\KruQ\Desktop\temp.gif [2012-06-23 17:35:56 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012-06-21 15:02:04 | 000,067,806 | ---- | C] () -- C:\Users\KruQ\Desktop\bilety.pdf [2012-06-18 10:27:45 | 000,202,553 | ---- | C] () -- C:\Users\KruQ\Desktop\206f118468_5647473_565957794.pdf [2012-06-14 03:18:26 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk [2012-06-14 03:15:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012-06-14 03:13:05 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2012 - Polski.lnk [2012-05-31 19:26:28 | 000,004,213 | ---- | C] () -- C:\Users\KruQ\Desktop\Dokument.rtf [2012-03-07 19:33:56 | 000,430,917 | ---- | C] () -- C:\Users\KruQ\Śmiech Karo.mp4 [2012-01-15 09:46:38 | 007,973,420 | ---- | C] () -- C:\Users\KruQ\AppData\Local\census.cache [2012-01-15 09:41:37 | 000,145,008 | ---- | C] () -- C:\Users\KruQ\AppData\Local\ars.cache [2012-01-12 06:18:08 | 000,000,036 | ---- | C] () -- C:\Users\KruQ\AppData\Local\housecall.guid.cache [2011-11-10 23:06:09 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011-11-10 23:06:06 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011-11-10 23:06:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011-11-08 02:00:09 | 000,007,613 | ---- | C] () -- C:\Users\KruQ\AppData\Local\Resmon.ResmonCfg [2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011-10-02 14:03:05 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011-10-02 14:02:50 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011-08-26 23:13:28 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011-08-02 13:23:27 | 000,000,000 | ---- | C] () -- C:\Users\KruQ\AppData\Local\rx_image32.Cache [2011-07-02 14:47:17 | 001,670,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-07-02 02:59:58 | 000,031,744 | ---- | C] () -- C:\Users\KruQ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-06-28 21:00:25 | 000,000,883 | ---- | C] () -- C:\Users\KruQ\Nightly.lnk [2011-05-22 17:21:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011-05-22 17:21:32 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011-05-22 17:21:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011-05-22 14:58:10 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll < End of report > [/log] I [log]OTL Extras logfile created on: 2012-06-28 14:25:39 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\KruQ\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,92 Gb Total Physical Memory | 0,29 Gb Available Physical Memory | 7,32% Memory free 7,83 Gb Paging File | 5,42 Gb Available in Paging File | 69,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444,27 Gb Total Space | 164,76 Gb Free Space | 37,09% Space Free | Partition Type: NTFS Drive D: | 208,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: DELL | User Name: KruQ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PotPlayer.Enqueue] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" /ADD () Directory [PotPlayer.Play] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PotPlayer.Enqueue] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" /ADD () Directory [PotPlayer.Play] -- "C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018D572E-734D-4A65-A18D-D434B1F9BC05}" = rport=139 | protocol=6 | dir=out | app=system | "{03E2DA39-D5F3-4F90-98C0-01440A91CFC8}" = rport=137 | protocol=17 | dir=out | app=system | "{04C99855-5E88-49F5-8D0C-2BAB7296CDCE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{10A0DD72-9D91-410E-8073-34C55CA86F76}" = lport=2869 | protocol=6 | dir=in | app=system | "{1439BFD9-5F85-4BB3-8FAA-867E80C6D4BD}" = lport=139 | protocol=6 | dir=in | app=system | "{14C406DF-FEBA-4120-96D4-42D50E478744}" = rport=2869 | protocol=6 | dir=out | app=system | "{17928F3F-1779-43D7-98AE-23D8F1F3CE45}" = lport=61116 | protocol=6 | dir=in | name=aktualizacja programu trend micro client/server security agent | "{1E72ED47-9DFE-45BD-AB62-34BC9FD3D672}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30406BDB-9676-49F3-9A22-1E1EA76BEFAC}" = lport=10243 | protocol=6 | dir=in | app=system | "{3D9B42E7-B820-465C-B99A-4F0BC871DD69}" = lport=61117 | protocol=17 | dir=in | name=nadajnik programu trend micro client/server security agent | "{4240E19F-7586-45CF-8FB1-9BEF0C8738BA}" = lport=2869 | protocol=6 | dir=in | app=system | "{56940392-7E14-4E54-BB54-2AEB241992CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5981A338-012E-47EA-9E9C-C174CB86B212}" = lport=61116 | protocol=6 | dir=in | name=aktualizacja programu trend micro client/server security agent | "{654F5D92-2BC9-4325-A6DC-AC233F00845B}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | "{681AC755-8E11-42E8-9CA9-28957D3DA917}" = rport=10243 | protocol=6 | dir=out | app=system | "{6932DC84-328E-4E6D-949D-DA7AC9058DED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74C34688-E734-4E51-A46D-8FC413D09BD4}" = lport=445 | protocol=6 | dir=in | app=system | "{77AB06F6-4E36-4467-91B0-1290A419A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7AA3284C-1332-4367-A3B8-369C07CB142A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7DDD6189-ACF5-4677-AF81-14979389C361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{821564C4-9276-4C73-9C38-82E13F32438B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8B09288D-F4D9-486C-892B-D3825A5C9D8C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{92ECDF27-DF4C-4910-ACAA-137D5BA2632B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A370D6F1-EA1F-432A-9B55-FBA3B4A6429A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC835BC4-8A6E-41FE-B026-36563FA7DB94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFFCCB42-3CAF-48D9-8D1E-66E1910A616D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B10DD876-69C6-4B4E-B4F7-2BD9FE2B072F}" = rport=138 | protocol=17 | dir=out | app=system | "{BF0B9E49-23B4-4386-94EE-F7F2CCEBE1BB}" = lport=137 | protocol=17 | dir=in | app=system | "{C4CCD57D-06B4-4266-B888-55E7C2A9DB40}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C4F8F33F-913B-4D29-A7A8-A3CA45203628}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5526A0A-D17E-447C-8F24-C3892C057CD9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E05ABD65-9F34-4C95-B874-67CE3863D541}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1685A57-7A4D-45FD-9CB6-C148740A68C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E6567C3B-882F-409D-85B2-BE4EFAE6F39F}" = lport=138 | protocol=17 | dir=in | app=system | "{EAAF1552-E16D-4C28-ACC5-982B340A3AF6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{EEEBBD48-692C-43F0-B3A6-64A44204D245}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FBCB20C6-B2CE-41AA-BFE9-E677EB666583}" = rport=445 | protocol=6 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0122DAA8-A30E-417B-B67A-8A7227ABE25D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{094181B4-0B0D-48EE-A722-CEAF73C0CBE6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{0ABAD9CA-2117-4B24-853D-C04942292AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0C1D81DE-5ABB-41F2-A2C6-4FDFD38CFC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | "{11B0755A-78C7-441E-A7AD-D226CEACF41A}" = protocol=6 | dir=in | app=c:\program files (x86)\assasins creed revelations\acrsp.exe | "{15A922B9-6BEC-4EA0-A9FD-E9808DD84BD6}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{19A5DAB5-E6AC-4C06-9222-BCE179DCA594}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{21C5CD0E-CF09-4E31-BD0E-97E985E7DD8C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{22202F66-ADAD-4DD4-A54D-E66F7CF8D3C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{22AD1A01-90CE-42BC-A4DB-9C09322D937E}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{2BC1B0C2-96AA-48DB-840A-6A7C4E67F702}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2E850E28-10D9-45B3-8A8C-965CA34DF74C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{31FE1170-F393-4D92-8D51-5D79D39AB410}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{327A8FAC-6FD9-4AF8-9796-90DED4363288}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{34E3FD6E-7C3C-4DB3-9B22-2CB45F3B08E7}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe | "{393802A9-E6BF-4D56-959A-2ECAD475E919}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | "{3EB42DE6-2BD0-46EE-8D52-0187C884E912}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{3FDB256C-2822-4737-82FF-983715DDD482}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{488C3382-B389-4728-B37D-C1A7492D0EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe | "{4D83ED97-589F-4655-AE5F-B410709EFEF3}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{58A37649-79BB-4330-A8E1-320FE8ADFBFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{59AA9B73-5661-471E-9A77-08B432446382}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5DC7CAE0-6A9E-4E0F-BD0C-FA29A6BB8E68}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | "{6678CF18-650A-4663-954C-A98458A275C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6D99B845-D398-420F-B659-C816232D2F44}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{76126B67-2903-4990-B42A-1E200FC508D5}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{7AC58381-35C5-4EF2-A281-8EED500F4126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8047AD46-FBB0-40A6-82EE-54914EA44B8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{839020E6-B08A-47A1-9480-C1FE0A76C9D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8528A339-3334-42E4-BBCB-C19E20DF8CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "{977358EB-7A31-4B87-8CFD-B0D65213F2C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9879406A-099D-4358-A19E-5D9BDC347B75}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{9B9D9D9D-2926-4802-B80A-ACEF48B8858B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AA7A793F-8AF8-45CD-A8A2-A3FD2B19CB6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B0AC412F-60B4-41F2-B426-888F74073A23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B0F7D8ED-5988-4D19-A5AE-5572E02135EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B685CE2B-1D19-47D4-A264-432D8AE9148D}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | "{C8743540-96F3-4F76-A889-306E949D2DD1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{CBCE07D3-BC72-4B46-B0CC-8B812D601A4D}" = protocol=6 | dir=out | app=system | "{CE8B8C98-E913-4CF2-BCD8-212993D7B426}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | "{D06BD50B-EC5F-495E-B798-ADB06D912225}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{D2075AA3-0599-4A87-8F7A-F413FE19CD86}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D3CDDED9-F0BC-46BF-8661-0D57CC6C7360}" = protocol=17 | dir=in | app=c:\program files (x86)\assasins creed revelations\acrsp.exe | "{D41CA7CD-C6BC-4B8A-893C-E7D7B28E1237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DB7E2A85-9ABF-4D70-9B61-782E5A082B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E922E825-3040-446D-BEDE-782DF8903FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{EC64C3E8-8A20-4ABA-8D2D-B805598C928A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EE4A3E7F-F003-4CDA-85A5-8AF7658C20D7}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | "{F0FE846C-918D-43A6-8F32-48EE6CB86725}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F61A48BB-8DE1-4104-B002-2128F2E38AE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F74781FC-B0D8-4C57-803E-07BCF2A467DF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{FC6A0AAA-2110-4F8F-A4EC-5407EE006841}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDBB8D12-A40C-4AB4-B0EC-4548B65F5EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFE7DCF0-21C4-4406-AF8A-3EB28625901A}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe | "TCP Query User{04C0FC60-2453-4556-85BB-0981A4EE7B1C}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe | "TCP Query User{2A47CD1F-C3BF-460F-83D2-5B8B1623B014}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "TCP Query User{53EF4452-3E4B-40BE-816F-E181527E1E5E}C:\program files (x86)\3do\heroes3\heroes3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\3do\heroes3\heroes3.exe | "TCP Query User{551D2E7F-F5B0-4736-B40D-5A8373C475F1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{642E35C1-526D-4966-A7C7-8F5C0F6120DB}C:\program files (x86)\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\speed.exe | "TCP Query User{CBC49DC5-DDDB-4176-BF4F-4D8C1F80BDE2}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "TCP Query User{D576772F-04D1-4B45-B979-2E1B796E8839}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{055B6C12-EE84-4290-A359-9036B4204695}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{48B4C62F-0722-436C-BBAA-6BBEB55C3D25}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "UDP Query User{5A3DB3CC-A798-435A-98F1-0482AD154B0E}C:\program files (x86)\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed most wanted\speed.exe | "UDP Query User{85945EF6-2071-450C-A484-831BFA3B3791}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe | "UDP Query User{8EF0DF57-2DA7-40DB-89DC-EA639E9FFB39}C:\program files (x86)\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu\gg.exe | "UDP Query User{93D8A845-3254-4008-8F6A-C9F73921CC32}C:\program files (x86)\3do\heroes3\heroes3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\3do\heroes3\heroes3.exe | "UDP Query User{BB293EB7-C2B9-48AE-9347-036E5E2E6595}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi "{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition) "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001 "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager "{5783F2D7-A001-0415-0102-0060B0CE6BBA}" = AutoCAD 2012 - Polski "{5783F2D7-A001-0415-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Polski "{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0 "{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit "AutoCAD 2012 - Polski" = AutoCAD 2012 - Polski "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "BlackHawk Web Browser_is1" = BlackHawk Web Browser "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless "WinRAR archiver" = WinRAR 4.01 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Usługa Autodesk Content Service "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{15EF3E93-DBA4-4379-A991-9DD423BF5E10}" = G10 MeetingMan "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5 "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{38AF69D9-96BA-434D-ABFF-4B58795FC7A7}_is1" = Pro Evolution Soccer 2012 "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{8844334E-8D00-464A-837F-0E0E9DC85046}" = GTA II "{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms 3D "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski "{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTA III "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C748279-288D-11D7-928D-00C0CA129740}" = Robin Hood - Legenda Sherwood "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A2BA9D1E-7F4F-4A2D-82AA-0871EDE6D541}_is1" = Battlefield 3 FURiA wersja 1.0 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B49E6519-1D58-4FF6-A1C1-2F0579FC7D4B}" = Nokia PC Internet Access "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CC419DDC-E0F0-4013-B25A-6FA036516F0D}" = Need for Speed™ ProStreet "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0BBB781-0EDD-4F76-8CC5-6658437B68AB}" = GTA London 1969 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.015 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin "{F428FE7B-7E50-4B34-94E1-B6069C39D610}_is1" = Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6 "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FBEAAA80-A6BA-41C1-BB86-BB805C821F9E}" = GTA I "18 Wheels of Steel Across America" = 18 Wheels of Steel Across America "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Alpha Protocol_is1" = Alpha Protocol "Assasins Creed: Revelations_is1" = Assasins Creed: Revelations "Avira AntiVir Desktop" = Avira Free Antivirus "Civilization V_is1" = Civilization V "Comodo Dragon" = Comodo Dragon "DAEMON Tools Lite" = DAEMON Tools Lite "Daum PotPlayer_is1" = Daum PotPlayer 1.5.31908.0 Beta PL "Dell Webcam Central" = Dell Webcam Central "Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2 "foobar2000" = foobar2000 v1.1.8 beta 4 "Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0 "Gadu-Gadu" = Gadu-Gadu 7.7 "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III "InstallShield_{15EF3E93-DBA4-4379-A991-9DD423BF5E10}" = G10 MeetingMan "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "IT9130 DriverInstaller_11.9.2.1" = IT9130 Driver v11.9.2.1 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full) "Lion King_is1" = Lion King "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.61.0.1400 "Maxthon3" = Maxthon 3 "Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Nokia PC Internet Access" = Nokia PC Internet Access "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010 "OpenAL" = OpenAL "Opera 11.64.1403" = Opera 11.64 "S2TNG" = The Settlers II - Dziesięciolecie "Sanctum DLC Pack_is1" = Sanctum DLC Pack "SopCast" = SopCast 3.5.0 "WinLiveSuite" = Podstawowe programy Windows Live [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Katalog Inter Motors 2011" = Katalog Inter Motors 2011 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-05-31 18:10:55 | Computer Name = dell | Source = CVHSVC | ID = 100 Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}): DownloadLatest Failed: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty. Error - 2012-06-11 04:24:53 | Computer Name = dell | Source = CVHSVC | ID = 100 Description = Tylko informacje. (Patch task for {90140011-0066-0415-0000-0000000FF1CE}): DownloadLatest Failed: Obecnie nie ma aktywnych połączeń sieciowych. Usługa inteligentnego transferu w tle (BITS) ponowni próbę po podłączeniu karty. Error - 2012-06-11 12:28:34 | Computer Name = dell | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: DriverInstall64.exe , wersja: 0.1.5.4, sygnatura czasowa: 0x4cca2f78 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0030002c Identyfikator procesu powodującego błąd: 0x3060 Godzina uruchomienia aplikacji powodującej błąd: 0x01cd47eef1506518 Ścieżka aplikacji powodującej błąd: C:\Users\KruQ\AppData\Local\Temp\DriverInstall64.exe Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 7c7db3f1-b3e2-11e1-99e2-bc77377c2f3a Error - 2012-06-13 10:56:46 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = Error - 2012-06-13 10:56:52 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = Error - 2012-06-13 10:57:09 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = Error - 2012-06-13 10:57:33 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = Error - 2012-06-13 11:04:09 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = Error - 2012-06-13 11:29:23 | Computer Name = dell | Source = Application Hang | ID = 1002 Description = Program fifa.exe w wersji 1.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 31fc Godzina rozpoczęcia: 01cd4979058e76a5 Godzina zakończenia: 84 Ścieżka aplikacji: C:\Users\KruQ\Desktop\fifa12\Game\fifa.exe Identyfikator raportu: 6d18feef-b56c-11e1-99e2-bc77377c2f3a Error - 2012-06-13 19:56:25 | Computer Name = dell | Source = MsiInstaller | ID = 11719 Description = [ System Events ] Error - 2012-06-28 04:02:57 | Computer Name = dell | Source = Service Control Manager | ID = 7001 Description = Usługa Application Virtualization Client zależy od usługi Application Virtualization Service Agent, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-28 04:03:44 | Computer Name = dell | Source = Service Control Manager | ID = 7001 Description = Usługa Application Virtualization Client zależy od usługi Application Virtualization Service Agent, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-28 04:04:45 | Computer Name = dell | Source = Service Control Manager | ID = 7001 Description = Usługa Application Virtualization Client zależy od usługi Application Virtualization Service Agent, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-28 04:05:05 | Computer Name = dell | Source = Service Control Manager | ID = 7001 Description = Usługa Application Virtualization Client zależy od usługi Application Virtualization Service Agent, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-28 04:50:34 | Computer Name = dell | Source = Service Control Manager | ID = 7034 Description = Usługa MBAMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-06-28 04:50:42 | Computer Name = dell | Source = Service Control Manager | ID = 7031 Description = Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2012-06-28 04:50:44 | Computer Name = dell | Source = Service Control Manager | ID = 7034 Description = Usługa Validity VCS Fingerprint Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-06-28 04:53:54 | Computer Name = dell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\Windows\System32\IWMSSvc.dll Error - 2012-06-28 06:09:05 | Computer Name = dell | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\Windows\System32\IWMSSvc.dll Error - 2012-06-28 06:53:19 | Computer Name = dell | Source = Service Control Manager | ID = 7034 Description = Usługa Intel(R) Management and Security Application User Notification Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. < End of report > [/log] i jak to się prezentuje..? Pozdrawiam, KruQ.
KruQ komentarz 28 czerwca 2012 Autor komentarz 28 czerwca 2012 Próbowałem, ale z tego co pamiętam był z tym problem i kończyło się na analizie. Zaraz spróbuję jeszcze raz i powiem z jakim efektem.
klerzak komentarz 28 czerwca 2012 komentarz 28 czerwca 2012 Ew. ściągnij program HD Tune, po czym w zakładce [Health] sprawdź czy wszystko jest 'OK' w kolumnie [Status], a następnie wejdź w zakładkę [Error Scan] i wykonaj skanowanie dysku. Rzecz jasna podziel się tutaj wynikiem
wirusolog komentarz 28 czerwca 2012 komentarz 28 czerwca 2012 (edytowane) W logach nie widać niczego podejrzanego. Mała korekta po pustych plikach + usunięcie wpisu przeglądarkowego. [quote] HD Tune, po czym w zakładce [Health] sprawdź czy wszystko jest 'OK' w kolumnie [Status], [/quote] Te swoje cudne rady zachowaj dla siebie. Nie analizuje się SMART po komunikacie ,,OK" tylko po wartościach atrybutów. Tak więc zamilcz. [hr] [b]1.[/b] Uruchom OTL i w sekcji [b]Własne opcje skanowania / skrypt[/b] wklej: [code]:OTL O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}] :Files C:\Windows\tasks\Adobe Flash Player Updater.job c:\Program Files (x86)\Trend Micro :Commands [emptytemp][/code] Klik w [b]Wykonaj skrypt[/b]. Nastąpi restart systemu. Po restarcie zostanie pokazany raport z czyszczenia - pokaż Nam go.
KruQ komentarz 4 lipca 2012 Autor komentarz 4 lipca 2012 Ok, skończy się defragmentacja, zrobię to i podzielę się raportem Troszkę późno, ale sesja i czasu nie było Mam nadzieję że chodzi o ten: [log]All processes killed ========== OTL ========== 64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ scheduled to be deleted on reboot. Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ . Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ scheduled to be deleted on reboot. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ . 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ scheduled to be deleted on reboot. Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ . File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DA41502-9DE0-4273-BE2B-CA4217192DFC}\ not found. ========== FILES ========== File move failed. C:\Windows\tasks\Adobe Flash Player Updater.job scheduled to be moved on reboot. c:\Program Files (x86)\Trend Micro\HiJackThis folder moved successfully. c:\Program Files (x86)\Trend Micro folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: KruQ ->Temp folder emptied: 188706824 bytes ->Temporary Internet Files folder emptied: 4980583417 bytes ->Java cache emptied: 426320 bytes ->FireFox cache emptied: 111095724 bytes ->Opera cache emptied: 28431761 bytes ->Flash cache emptied: 2467 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 1618992 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 92469112 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 467953 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5 154,00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07042012_142438 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...[/log]
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.